0

is there a way to bypass !== or a way to know what is in $slat? or the solution is different in the below CTF?

Note: we don't know what is $salt so I guess MD5 collision is not possible. 

$second = $_GET['second_flag'];
$third = $_GET['sechalf_flag'];

if(isset($_GET['second_flag']) && isset($_GET['sechalf_flag'])){
    if($second !== $third){
        if(hash('md5', $salt . $second) == hash('md5', $salt . $third)){
            echo $flag2;
        }
        else{
            die();
        }
    }
    else{
        die();
    }
}
else{
    die();
}
Edit316
  • 1
  • 1
  • @Jeto the hard part here is the $_GET vars, that will always be string. – Felippe Duarte Apr 17 '20 at 15:36
  • 2
    Try `?second_flag[]=a&sechalf_flag[]=b`. This should append `Array` to both strings to be hashed (and generate a `Notice`, but I suppose that doesn't matter for a CTF), yet those arrays are strictly different. – Jeto Apr 17 '20 at 15:50
  • Even if I passed the strict comparison...I am not sure what it next as we don't know what is $salt :) – Edit316 Apr 17 '20 at 16:25
  • @ibrahimalthobiane It probably doesn't matter. The only thing that should matter if that it's the same `$salt` for both hashes. What I mentioned earlier should work for any salt value. – Jeto Apr 17 '20 at 20:20

0 Answers0