Masquerade VM Walkthrough Part 2

It’s been some time since I’ve poked my head and tried to write something technical online, in December I gave a walkthrough of a CTF VM that I developed for a local CTF. I didn’t fully finish the walkthrough (theres a lot!). In this part, the technical challenges start to spice up, involving knowledge in data type overflows in PHP and reverse engineering Linux ELF files. I really enjoyed making this challenge, although sometimes I feel I made it a little too abstract, especially with the integer overflows and login flags, but never the less, it was a learning experience! I apologise to anyone who can’t follow my writing, I’m not the greatest writer. I left the last post which you can find here where we were on a login screen, it looks a bit like a famous web shell, at least, the theme on the web response does, perhaps not the functionality.

Continue reading