The source code for the PHP page is in Src.tgz.
There is probably no PHP exploit here, you really need to upload two files with same MD5 hash.

```
if(! strstr(shell_exec("pdftotext $pdf1 - | head -n 1 | grep -oP '^NO FLAG!$'"), "NO FLAG!")) {
die("The first pdf does not contain 'NO FLAG!'");
}
```

First we think about uploading the same file (including both strings), but the `head -n 1` command prints only the first line - so this won't work.

Then we've found this cool page about MD5:
[https://github.com/corkami/pocs/blob/master/collisions/README.md](https://github.com/corkami/pocs/blob/master/collisions/README.md)

There is a script for generating collisions for several formats including PDF:
```
echo "NO FLAG!" | enscript -B -o - | ps2pdf - no.pdf
echo "GIVE FLAG!" | enscript -B -o - | ps2pdf - give.pdf
python pdf.py no.pdf give.pdf
```

It creates two files `collision1.pdf` and `collision2.pdf` in less then second...

The flag is:
`35C3_N3v3r_TrusT_MD5`