Tags: md5 web php magic-hashes 

# DarkCTF 2020 – PHP İnformation

* **Category:** web
* **Points:** 198

## Challenge

> Let's test your php knowledge.
>
> Flag Format: DarkCTF{}
>
> http://php.darkarmy.xyz:7001

## Solution

Connecting to the web page will give you the following PHP source code.

```php
Flag : $flag</h1>
";
}

// The User-Agent header must equal the decoded string.
if ($_SERVER["HTTP_USER_AGENT"] === base64_decode("MjAyMF90aGVfYmVzdF95ZWFyX2Nvcm9uYQ==")){
    echo "<h1 style='color: chartreuse;'>Flag : $flag_1</h1>
";
}

if (!empty($_SERVER['QUERY_STRING'])) {
    $query = $_SERVER['QUERY_STRING'];
    // parse_str() with one argument returns nothing and defines the query
    // parameters as variables in the current scope (removed in PHP 8.0).
    $res = parse_str($query);
    if (!empty($res['ctf2020'])){
        $ctf2020 = $res['ctf2020'];
    }
    // base64_encode(), not decode: the literal is encoded once more.
    if ($ctf2020 === base64_encode("ZGFya2N0Zi0yMDIwLXdlYg==")){
        echo "<h1 style='color: chartreuse;'>Flag : $flag_2</h1>
";

    }
}

if (isset($_GET['karma']) and isset($_GET['2020'])) {
    if ($_GET['karma'] != $_GET['2020'])
        // Loose "==" on the two hex digests; the else belongs to this if.
        if (md5($_GET['karma']) == md5($_GET['2020']))
            echo "<h1 style='color: chartreuse;'>Flag : $flag_3</h1>
";
        else
            echo "<h1 style='color: chartreuse;'>Wrong</h1>
";
}

?>
```

You have to satisfy all checks to print the flag.

For the last check you have to find [two colliding MD5 strings](https://crypto.stackexchange.com/questions/1434/are-there-two-known-strings-which-have-the-same-md5-hash-value). Based on [this example](https://ideone.com/UyP22Z), you can write a [script](https://raw.githubusercontent.com/m3ssap0/CTF-Writeups/master/DarkCTF%202020/PHP%20%C4%B0nformation/md5_collisions.php) that generates the URL-encoded version of the original strings, which are provided there as hexadecimal values.

```html
Flag : DarkCTF{</h1>
<h1 style='color: chartreuse;'>Flag : very_</h1>
<h1 style='color: chartreuse;'>Flag : nice</h1>
<h1 style='color: chartreuse;'>Flag : _web_challenge_dark_ctf}</h1>
```

The flag is the following.

```
DarkCTF{very_nice_web_challenge_dark_ctf}
```
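
The last check compares two `md5()` hex digests with `==`, which is what the `magic-hashes` tag on this writeup refers to. The following is an added example, not part of the original writeup or the challenge source; the function names are hypothetical and the digest strings are constructed, not real MD5 outputs. It shows that comparison beside a strict one.

```php
<?php
declare(strict_types=1);

// Comparison as written in the challenge: "==" on two hex digest strings.
function digests_match_loose(string $d1, string $d2): bool
{
    // Two numeric strings are compared as numbers, and "0e<digits>" parses
    // as 0 times a power of ten, so every such digest equals every other.
    return $d1 == $d2;
}

// Hardened comparison: byte-for-byte, constant time, no type juggling.
function digests_match_strict(string $d1, string $d2): bool
{
    return hash_equals($d1, $d2);
}

// Flags digests that "==" would read as the number zero.
function reads_as_zero(string $digest): bool
{
    return preg_match('/^0+e[0-9]+$/', $digest) === 1;
}

// Constructed digest-shaped strings (32 characters, not real MD5 outputs).
$zeroLikeA = '0e' . str_repeat('1', 30);
$zeroLikeB = '0e' . str_repeat('2', 30);
$withHex   = '0e' . str_repeat('1', 29) . 'f';   // hex letter: not numeric

$pairs = [
    'two different 0e+digits digests' => [$zeroLikeA, $zeroLikeB],
    'one digest has a hex letter'     => [$withHex, $zeroLikeB],
    'identical digests'               => [$zeroLikeA, $zeroLikeA],
];

// Print how each comparison treats each constructed pair.
foreach ($pairs as $label => [$d1, $d2]) {
    printf(
        "%-33s loose=%-5s strict=%-5s reads_as_zero=%s/%s\n",
        $label,
        var_export(digests_match_loose($d1, $d2), true),
        var_export(digests_match_strict($d1, $d2), true),
        var_export(reads_as_zero($d1), true),
        var_export(reads_as_zero($d2), true)
    );
}
```

The colliding inputs used in this writeup produce byte-identical digests, so a strict comparison does not reject them; only replacing MD5 with a collision-resistant hash does.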

Original writeup (https://github.com/m3ssap0/CTF-Writeups/blob/master/DarkCTF%202020/PHP%20%C4%B0nformation/README.md).