Rating:

The index.php file is available:


". md5($_REQUEST["combination"]); } if(md5($_REQUEST["combination"]) == \$hash){
echo "
The Flag is flag{...}
";
}
else{
echo "
Wrong!
";
}

}
?>


The value of hash is just a number using scientific notation. This is a php loose comparison. Using a input that will also be considered as a number will set the condition to true. We use 240610708, which md5 hash is 0e462097431906509019562988736854, as a password and we got the flag.

The Flag is flag{!5_Ph9_5TronGly_7yPed?}

Original writeup (https://maggick.fr/2020/04/hackpack-ctf-2020.html).