page displays:
# Make sha256 collide and you shall be rewarded
**The source!**
        <h1> Make sha256 collide and you shall be rewarded </h1>

        The source!

            print $source;

            if (isset($_GET['shell']) && isset($_GET['pwn'])) {
                if ($_GET['shell'] !== $_GET['pwn'] && hash("sha256", $_GET['shell']) === hash("sha256", $_GET['pwn'])) {
                } else {
                    echo("<h1>Try harder!</h1>");
            } else {
                echo("<h1>Collisions are fun to see</h1>");
            } ?>
# Collisions are fun to see

1) looks like we need to make a sha256 collision using the variables 'shell' & 'pwn' on url/index.php.
2) setting values nothing with returns "Try Harder!"
3) feeding them values as both 0 returns the same "Try Harder!" message.
4) googling around i saw a [workaround on stack overflow](https://stackoverflow.com/questions/53080807/sha256-hash-collisions-between-two-strings/53081240)
5) basically assign the values of shell and pwn as arrays to break the hashing algorithm

**flag: SHELL{1nj3ct\_&\_coll1d3\_9d25f1cfdeb38a404b6e8584bec7a319}**

Original writeup (https://github.com/ivanchubb/CTF-Writeups/blob/main/2021/S.H.E.L.L.%20CTF/collide.md).