Collide
Category: Web Security
100 points
Solution
Given website has nothing special.
Of course it’s not about making sha256 collision, we can get the flag easier. To satisfy the condition:
if ($_GET['shell'] !== $_GET['pwn'] && hash("sha256", $_GET['shell']) === hash("sha256", $_GET['pwn'])) {
both shell
and pwn
parameters need to have different values. How to fulfil second condition? The answer is: by
crashing the execution of both hash()
calls. It can be done simply by sending shell
and pwn
as an arrays.
Flag
SHELL{1nj3ct_&_coll1d3_9d25f1cfdeb38a404b6e8584bec7a319}