Part 2 of this CTF is called [col] , the question is
Daddy told me about cool MD5 hash collision today.
I wanna do something like that too!
ssh email@example.com -p2222 (pw:guest)
let’s connect to that server and see what they have there :D
ah ha, similar with part 1 , ok so we will do the same things, check the source , add some logs,
so, in this challenge we need to enter pass code, which is it must be in 20 bytes.
ok, we can add logs, and try to run it
so, according to check_password() function, we need to find sum of 4 bit equal with hascode ( 0x21DD09EC ) ,
I tried to input \x01 muliply with 20 to get 20 bytes, the result as above is wrong password because the value is 0x5050505 , we need the value is equal with 0x21DD09EC.
it’s easy, let calculate it
x = 0x21DD09EC – 0x4040404
x = 0x1DD905E8
so, we need to input 20 bytes as `python -c “print ‘\x01’*16 + ‘\xE8’ + ‘\x05’ + ‘\xD9’ + ‘\x1D’ “`
0x4040404 equal with \0x1 * 16, let see the result of flag
the flag is : daddy! I just managed to create a hash collision