comment 0

WriteUp : PWNABLE.kr Part 2 [col]

Part 2 of this CTF is called [col] , the question is

Daddy told me about cool MD5 hash collision today.
I wanna do something like that too!

ssh col@pwnable.kr -p2222 (pw:guest)

let’s connect to that server and see what they have there :D

ls_la

ah ha, similar with part 1 , ok so we will do the same things, check the source , add some logs,

 

source_col

so, in this challenge we need to enter pass code, which is it must be in 20 bytes.


Sponsored links


ok, we can add logs, and try to run it

lognya

so, according to check_password() function, we need to find sum of 4 bit equal with hascode ( 0x21DD09EC ) ,

loglog

I tried to input \x01 muliply with 20 to get 20 bytes, the result as above is wrong password because the value is 0x5050505 , we need the value is equal with 0x21DD09EC.

it’s easy, let calculate it

x = 0x21DD09EC – 0x4040404

x = 0x1DD905E8

so, we need to input 20 bytes as `python -c “print ‘\x01’*16 + ‘\xE8’ + ‘\x05’ + ‘\xD9’ + ‘\x1D’ “`

0x4040404 equal with \0x1 * 16, let see the result of flag

resutl

the flag is : daddy! I just managed to create a hash collision :)

Leave a Reply

Your email address will not be published. Required fields are marked *