Web
Last updated
Last updated
The web page asked for verification to be able to receive the flag, which need to submit two "identical images"(same md5 values) but different type of image. Since we deal with images, to evaluate the images that are different by using md5 value to compare between the images.
Exploring the web seem does not found ways to exploit and retrieved the flag. Thus, need to focus on how to make two different images has the same md5 value. After a few research we can make it happen by changing the metadata same as the other image and this vulnerability called md5 collisions when use for security-related hashes. Since it takes too long to copy each metadata, I found this reddit page which give link to google drive of two different images with same md5 value. Submit these two images got the flag we wanted.
Flag: wctf{new_ai_old_algorithm}