Wildest Dreams Pt. 2 (CTF.SG 2022)

1989.php
Once we open this file, a simple glance through the source code shows that the
flag will be revealed once md5(i1) == md5(i2).

The only requirements for i1 and i2 are that they must not be the same and
must each be more than 15 characters long.

In PHP, two strings matching the regular expression 0+e[0-9]+ compare as equal
under ==, because PHP treats both as numbers in scientific notation (zero times
a power of ten) and compares them numerically. Thus, strings such as 0e69, 0e12,
etc. are considered equal to each other.
Some inputs produce MD5 hashes that start with 0e followed only by digits;
these are called magic hashes, and you can read up on them here.
Thus, all we need to do is pass in 2 strings whose MD5 hashes have the form
0e..., and voilà, we get the flag! These strings are easily found by searching
"md5 magic hashes" on Google. The ones I used were hashcatsB4SOwuGVuoe and
hashcatfaXyv0NCydC2, which I took from https://github.com/spaze/hashes/blob/master/md5.md.
You can see from here that both strings evaluate to 0e... when converted to an
md5 hash.
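
The loose comparison described above, next to a hardened form, as an added
example that is not the challenge's actual source. The function names are
hypothetical and the checks are reconstructed from the description in this
writeup.

```php
<?php
// Added example: reconstruction of the check described in the writeup,
// not the real 1989.php. Function names are hypothetical.

// Input rules from the writeup: different strings, more than 15 characters.
function inputs_ok(string $i1, string $i2): bool
{
    return $i1 !== $i2 && strlen($i1) > 15 && strlen($i2) > 15;
}

// Vulnerable: == sees two "0e<digits>" hex digests as numeric strings in
// scientific notation, so both sides are compared as the float 0.
function check_loose(string $i1, string $i2): bool
{
    return inputs_ok($i1, $i2) && md5($i1) == md5($i2);
}

// Hardened: hash_equals() compares the digests byte by byte (and in
// constant time). Using === would also avoid the numeric conversion.
function check_strict(string $i1, string $i2): bool
{
    return inputs_ok($i1, $i2) && hash_equals(md5($i1), md5($i2));
}

// Inputs taken from the writeup.
$i1 = 'hashcatsB4SOwuGVuoe';
$i2 = 'hashcatfaXyv0NCydC2';

foreach ([$i1, $i2] as $s) {
    $digest = md5($s);
    // is_numeric() shows whether PHP will treat the digest as a number.
    printf("%s -> %s (numeric string: %s)\n",
        $s, $digest, var_export(is_numeric($digest), true));
}

echo 'loose  (==):          ', var_export(check_loose($i1, $i2), true), "\n";
echo 'strict (hash_equals): ', var_export(check_strict($i1, $i2), true), "\n";
```

The same fix applies anywhere a digest, token or MAC is compared in PHP: use
hash_equals() or ===, never ==.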

Query to get flag: http://chals.ctf.sg:40401/1989.php?i1=hashcatsB4SOwuGVuoe&i2=hashcatfaXyv0NCydC2
Flag
The flag is: CTFSG{you_see_me_in_h1nds1ght_tangled_up_with_you_all_night}
