Description
Daddy told me about cool MD5 hash collision today.
I wanna do something like that too!
ssh [email protected] -p2222 (pw:guest)
Exploit
1 | #include <stdio.h> |
The target program converts the argument from a 20 bytes string to an array of 5 integers and sum them up. If the sum equals to 0x21DD09EC
, it will output the flag. I craft the input with 4 integers of \x01\x01\x01\x01
(just for padding) plus an integer of the difference to the target hashcode. The difference can be calculated as follows.
1 | from pwn import * |
After calculating the difference, which is \xe8\x05\xd9\x1d
, we can solve the problem with the input mentioned above.
$ ./col $'\xe8\x05\xd9\x1d\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01' |
Flag:
daddy! I just managed to create a hash collision :)