If you would like to read our old blogs, you are welcome to: I4INFO
In this blog I would like to discuss the ASIS CTF question "Impossible". I didn't solve this during the competition time, but the problem was awesome.
In most CTFs, the robots.txt file is a place where some hint may be present. In the case of ASIS, the 2 problem was given in the robots.txt.
This is an awesome problem, and a new attack for me to learn. It is based on a vulnerability in the PHP equal operator, or you can call it a hash collision attack. Thanks to the Dragon Sector team for their blog on this. Based on the users.dat file given, one can find that the md5 equality operation in get_user() is the reason the flag can be obtained.
The main reason the equality check can be bypassed is that PHP returns true when hashes starting with "0e" are compared: the == operator reads a string of the form 0e followed only by digits as a number in scientific notation, so every such hash evaluates to zero. A username in users.dat already starts with 0e, so our goal was to find another string whose hash starts with "0e".
This was an awesome problem, thanks to the ctftime writeup on this. Once you get another string whose hash starts with 0e, you can register with that user. That gives you the password of the user already registered in users.dat. Thus we can log in with the old username and this password.
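The loose comparison described above, next to a corrected lookup, as an added example that is not the challenge's code: the record layout, the function names get_user_loose() and get_user_strict(), and the passwords are assumptions, and the two sample names are publicly documented strings whose md5 has the 0e-plus-digits form.

```php
<?php
// Added illustration, not the challenge's source code. The record layout,
// function names and passwords are assumptions made for this example.

// Constructed stand-in for users.dat: each record holds md5(username).
// md5('240610708') is "0e" followed only by decimal digits.
$users = [
    ['hash' => md5('240610708'), 'password' => 'constructed-secret-1'],
    ['hash' => md5('alice'),     'password' => 'constructed-secret-2'],
];

// Weak lookup: "==" sees two numeric strings and compares them as floats.
// "0e<digits>" parses as 0 * 10^n, so every such hash equals every other.
function get_user_loose(array $users, string $name): ?array
{
    $needle = md5($name);
    foreach ($users as $user) {
        if ($user['hash'] == $needle) {
            return $user;
        }
    }
    return null;
}

// Corrected lookup: hash_equals() compares the strings byte for byte
// (and in constant time); "===" would also avoid the numeric conversion.
function get_user_strict(array $users, string $name): ?array
{
    $needle = md5($name);
    foreach ($users as $user) {
        if (hash_equals($user['hash'], $needle)) {
            return $user;
        }
    }
    return null;
}

// 'QNKCDZO' is a different name whose md5 also has the 0e<digits> form.
foreach (['240610708', 'QNKCDZO', 'alice', 'bob'] as $name) {
    printf(
        "%-10s md5=%s loose=%s strict=%s\n",
        $name,
        md5($name),
        get_user_loose($users, $name) ? 'match' : 'none',
        get_user_strict($users, $name) ? 'match' : 'none'
    );
}
```

The same strict comparison belongs in the registration path's "does this user already exist" check, since that is where a colliding name gets accepted as new.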
Thank you for reading the blog!