md5 collisions and the way php interprets types (php hash collisions)
As I was recently working on the Homeless vulnhub CTF by Min Ko Ko, one of the steps required to proceed further contained the following code:
So that’s quite a tricky challenge requiring all the md5 input fields to collide. While trying to solve this and researching collisions further, I gathered the following resources:
http://cryptologie.net/article/268/how-to-compare-password-hashes-in-php/
https://github.com/spaze/hashes
http://turbochaos.blogspot.bg/2013/08/exploiting-exotic-bugs-php-type-juggling.html
https://pen-testing.sans.org/blog/2014/12/18/php-weak-typing-woes-with-some-pontification-about-code-and-pen-testing @joshwr1ght
It may also be a good idea to look at the birthday problem and the birthday attack.
Additional threads:
https://stackoverflow.com/questions/22140204/why-md5240610708-is-equal-to-md5qnkcdzo
https://stackoverflow.com/questions/12598407/php-expresses-two-different-strings-to-be-the-same/12598484#comment17003890_12598407
http://digitalloft.org/init/plugin_wiki/page/juggling-hashes-with-your-eyes-closed-in-php
I’ve still not found a solution to it, as md5 preimage attacks do not seem to be currently achievable; however, I consider the above resources a good way to start.
Update: the solution on how to generate md5 collisions and send binary data over HTTP is described in the Homeless CTF walkthrough.