Collide
Category: Web Security
100 points
Solution
Given website has nothing special.
Of course it’s not about making sha256 collision, we can get the flag easier. To satisfy the condition:
if ($_GET['shell'] !== $_GET['pwn'] && hash("sha256", $_GET['shell']) === hash("sha256", $_GET['pwn'])) {both shell and pwn parameters need to have different values. How to fulfil second condition? The answer is: by
crashing the execution of both hash() calls. It can be done simply by sending shell and pwn as an arrays.
Flag
SHELL{1nj3ct_&_coll1d3_9d25f1cfdeb38a404b6e8584bec7a319}