
🌐 It Is My Birthday

A detailed write-up of the Web challenge 'It Is My Birthday' from PicoCTF - 2021

/images/PicoGym/PicoCTF-2021/ItIsMyBirthday/challenge_presentation.png
Challenge Presentation

📊 Challenge Overview

🏆 Event: PicoGym (Event Link)
🔰 Category: Web 🌐
💎 Points: 500 (out of 500 total)
⭐ Difficulty: 🟡 Medium (personal rating: 2/10)
👤 Author: madStacks (Profile)
🎮 Solves (at the time of flag submission): 22.043 solve rate
📅 Date: 21-02-2025 (PicoGym)
🦾 Solved by: mH4ck3r0n3 (Team: )

📝 Challenge Information

I sent out 2 invitations to all of my friends for my birthday! I’ll know if they get stolen because the two invites look similar, and they even have the same md5 hash, but they are slightly different! You wouldn’t believe how long it took me to find a collision. Anyway, see if you’re invited by submitting 2 PDFs to my website. http://mercury.picoctf.net:55343/

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

/images/PicoGym/PicoCTF-2021/ItIsMyBirthday/site_presentation.png
Site Presentation

It shows an upload form for two files. From the challenge description, I understood that two different files must be uploaded that nevertheless share the same MD5 digest. This relies on a known weakness of MD5: a collision, where two inputs that differ in some bytes still hash to the same value. MD5 collisions can be generated in seconds on a normal machine, which is why MD5 should not be used to decide whether two files are "the same". After doing some research, I found a tool, https://github.com/brimstone/fastcoll, that generates two files with the same MD5 but different content. Let's proceed with the exploitation.

🔬 Vulnerability Analysis

Potential Vulnerabilities

  • MD5 Collision Attack

🎯 Solution Path

Exploitation Steps

Initial setup

First, I installed fastcoll and generated the files with the collision:

# Clone and build fastcoll, then generate a colliding pair of files
git clone https://github.com/upbit/clone-fastcoll fastcoll
cd fastcoll
make
cd ..
./fastcoll/fastcoll md5_data

/images/PicoGym/PicoCTF-2021/ItIsMyBirthday/generate.png
Fastcoll

This created two files, md5_data1 and md5_data2. Running md5sum, which computes the MD5 hash of each file, confirms the collision:

md5sum md5_data*

/images/PicoGym/PicoCTF-2021/ItIsMyBirthday/hash.png
Md5Sum

As we can see, the two hashes are identical. Now let's confirm that the contents differ, since the upload handler also checks that the two files are not byte-for-byte the same. We can do this with the diff command:

diff md5_data1 md5_data2

/images/PicoGym/PicoCTF-2021/ItIsMyBirthday/diff.png
Diff

As we can see, diff reports differences (if the files were identical, its output would be empty). Now that we have the colliding pair, let's move on to the exploitation.

Exploitation

The files created are raw binary files without an extension. However, I discovered through a test that renaming any file to a .pdf extension was enough for the server to accept it: it validates only the file name, not the file's header (magic bytes). So we can simply rename the two files created earlier:

mv md5_data1 collision1.pdf
mv md5_data2 collision2.pdf

and proceed with the upload:

/images/PicoGym/PicoCTF-2021/ItIsMyBirthday/upload.png
Upload

By doing so, I obtained the flag.

Flag capture

/images/PicoGym/PicoCTF-2021/ItIsMyBirthday/manual_flag.png
Manual Flag

🛠️ Exploitation Process

Approach

The automated exploit uses subprocess to run fastcoll and generate two files with the same MD5 but different content (a collision). Once the two files are generated, they are renamed with the .pdf extension, since the upload handler only checks the file extension. Then a POST request uploads both files, and the flag is extracted from the response with a regex.

# Requirements
git clone https://github.com/upbit/clone-fastcoll fastcoll
cd fastcoll
make
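As an added defender-side example, not part of the original write-up or of the challenge server (whose source is not shown), here is how an upload handler could close the two gaps the solution relies on: it checks the PDF magic header instead of trusting the .pdf extension, and it decides whether two uploads are "the same" by comparing the bytes and a SHA-256 digest rather than MD5, so a fastcoll pair is classified as two different files. All sample inputs are constructed.

```python
import hashlib
from typing import Tuple

# Real PDF files start with this header (the spec allows it within the
# first 1024 bytes; offset 0 is the common case and what we check here).
PDF_MAGIC = b"%PDF-"


def extension_only_check(filename: str) -> bool:
    """The weak check the write-up infers from the server's behaviour:
    anything is accepted as a PDF as long as its name ends in .pdf."""
    return filename.lower().endswith(".pdf")


def validate_pdf_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Hardened check: require the extension AND the PDF magic header, so
    renamed raw collision blocks (as produced by fastcoll) are rejected."""
    if not extension_only_check(filename):
        return False, "extension is not .pdf"
    if not data.startswith(PDF_MAGIC):
        return False, "content does not start with %PDF-"
    return True, "ok"


def classify_pair(data1: bytes, data2: bytes, algo: str = "sha256") -> str:
    """Decide whether two uploads are the same file. With algo="md5" a
    colliding pair lands in 'same-hash-different-content'; with SHA-256
    that outcome is not practically reachable, so bytes and digest agree."""
    if data1 == data2:
        return "identical"
    h1 = hashlib.new(algo, data1).hexdigest()
    h2 = hashlib.new(algo, data2).hexdigest()
    return "same-hash-different-content" if h1 == h2 else "different"


# Constructed sample inputs (not the challenge's real files).
FAKE_PDF = b"\x01\x02raw-collision-block-bytes"  # fastcoll output renamed to .pdf
REAL_PDF_A = b"%PDF-1.4\n%invite A\n%%EOF\n"
REAL_PDF_B = b"%PDF-1.4\n%invite B\n%%EOF\n"


def demo() -> dict:
    """Summarise how the weak and hardened checks treat each input."""
    return {
        "weak_accepts_fake": extension_only_check("collision1.pdf"),
        "hardened_accepts_fake": validate_pdf_upload("collision1.pdf", FAKE_PDF)[0],
        "hardened_accepts_real": validate_pdf_upload("invite.pdf", REAL_PDF_A)[0],
        "pair_sha256": classify_pair(REAL_PDF_A, REAL_PDF_B),
        "same_file": classify_pair(REAL_PDF_A, REAL_PDF_A),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```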

🚩 Flag Capture

Flag

Proof of Execution

/images/PicoGym/PicoCTF-2021/ItIsMyBirthday/automated_flag.png
Automated Flag
Screenshot of successful exploitation

🔧 Tools Used

Python: exploit script
Fastcoll: MD5 collision generation

💡 Key Learnings

New Knowledge

I learned that MD5 is not secure because collisions can be generated.

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📊 Final Statistics

Time to Solve: 00:09 (from start to flag)
Global Ranking (at the time of flag submission): challenge ranking
Points Earned: 500 (team contribution)

Created: 21-02-2025 • Last Modified: 21-02-2025 • Author: mH4ck3r0n3 • Team: