Daddy told me about cool MD5 hash collision today.
I wanna do something like that too!
ssh [email protected] -p2222 (pw:guest)
The target program converts the argument from a 20 bytes string to an array of 5 integers and sum them up. If the sum equals to
0x21DD09EC, it will output the flag. I craft the input with 4 integers of
\x01\x01\x01\x01 (just for padding) plus an integer of the difference to the target hashcode. The difference can be calculated as follows.
from pwn import *
After calculating the difference, which is
\xe8\x05\xd9\x1d, we can solve the problem with the input mentioned above.
$ ./col $'\xe8\x05\xd9\x1d\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01'
daddy! I just managed to create a hash collision :)