zh3r0 CTF-Are you the Master? 1 Official Write-up

By Careless Finch
Published in ZH3R0, May 7, 2020

This is just a simple MD5 collision challenge. When you visit the given link, you are greeted with this:

If you view the source code it says:

<!DOCTYPE html> <h1><b>Hello</b></h1><h2>Welcome to the best collision</h2><br><img src='extras/lol.webp'><!-- view.php may help you -->

If you go to view.php, then you are given the source code:

You can see that it takes two GET parameters, one and two.

It also checks that one is not equal to two.

Then it checks whether the MD5 hash of one is equal to the MD5 hash of two.

So if we supply two values such that md5(one) == md5(two), it prints the answer.
In this case I am using two values I got from here:

240610708 and QLTHNDT

You just need to pass them in the URL, like:

http://134.209.157.250:9000/?one=240610708&two=QLTHNDT

You get a black image; click on it and you will get a pop-up saying:

Flag:
zh3r0{https://tinyurl.com/y8t4hy4u}

Also note that for this MD5 collision to work, the comparison must be == and not ===. Read more about it here
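The == versus === note above, as an added example (not the challenge's view.php and not the author's code): both values from the write-up have MD5 digests of the form 0e followed only by digits, which PHP's == compares as numbers, so the digests compare equal without being identical. The function names and the exact shape of the check are assumptions.

```php
<?php
// Added example; function names are hypothetical and the check is an
// assumed reconstruction of what the write-up describes, not view.php itself.

// Check as described: inputs must differ, MD5 digests compared with ==.
function loose_check(string $one, string $two): bool
{
    return $one != $two && md5($one) == md5($two);
}

// Hardened form: strict comparison of the inputs, and hash_equals() for the
// digests (byte-for-byte string comparison, no numeric interpretation).
function strict_check(string $one, string $two): bool
{
    return $one !== $two && hash_equals(md5($one), md5($two));
}

// True when a hex digest is a numeric string of the form 0e<digits>,
// which == evaluates as 0 * 10^n, i.e. the float 0.
function is_magic_hash(string $hex): bool
{
    return preg_match('/^0e[0-9]+$/', $hex) === 1;
}

$one = '240610708';   // values taken from the write-up
$two = 'QLTHNDT';

foreach ([$one, $two] as $value) {
    $digest = md5($value);
    printf("%-10s md5=%s magic=%s\n",
        $value, $digest, var_export(is_magic_hash($digest), true));
}

echo 'loose  (==):  ', var_export(loose_check($one, $two), true), "\n";
echo 'strict (===): ', var_export(strict_check($one, $two), true), "\n";
```

The same is_magic_hash() test can be used in code review or logging to flag inputs whose digest would pass a loose comparison.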
