Level 13 – Hackoween II #ZomatoCTF

I like my memes like my Potatoes, deep fried

This level gave two file upload fields, one for file containing username and one for file containing password. Noice.

It is said that password and username are same. But when you upload file with same content, it says

username and password can't be same

So files need to be different but same? How? This statement is colliding with itself. COLLIDING

You can generate two files with different content but same MD5 hash. It’s called Hashing Collision.
More about md5 collision here.

I tried uploading two different images with same md5.

But that didn’t work. So I went on with other challenges.

But MD5 wasn’t the solution. It was SHA1. Got the files from https://shattered.io/

The both files are different but have same SHA1 value (38762cf7f55934b34d179ae6a4c80cadccbb7f0a).
Uploaded the file with same SHA1 checksum value and it gave out the flag.

Leave a Reply

Your email address will not be published. Required fields are marked *