Break In CTF 2018 Challenge [Web 500pts] | January 22, 2018

Break In 2018 - Connecting Will


Will is lost in the Upside-Down and is stuck with the Demogorgon. El is looking for Will, when, she stumbles across a piece of code that Will wrote. The Demogorgon could not decipher the code and hence just left it lying around. El needs your help to find the 2 numbers that can get her the secret key which Will was trying to share. Can you help her?

enter image description here

The website shows a login form with a First Number and a Last Number. From the given source code we can assume that we need to put 2 hashes that have the same value,
In order to solve this challenge we could look for a md5 collision

md5(‘240610708’) ‘s result is 0e462097431906509019562988736854


md5(‘QNKCDZO’) ‘s result is 0e830400451993494058024219903391.

0 == 0 when compared with == they give us True

but with this we will not be accessed because we have

($hash1 != $hash2)

by looking on :

$hash2 = strtr($hash2, “abcd”, “0123”);

i use this site to get some hashes who started by
ae ;)

dlhkwp : ae46007dc4407b097dc1d216cd48d15d
‘a’ will be replaced by 0 (0e)

so :
ae46007dc4407b097dc1d216cd48d15d != 0e462097431906509019562988736854
after that a,b,c,d will be replaced by 0,1,2,3
0e460073244071097321321623483153 equal 0e462097431906509019562988736854 (true)

first number : 240610708
last number : dlhkwp

Success. The flag is BREAKIN{I_Will_Connect}

#0v3n_Sh3ll ❤

Written on January 22, 2018