`hashcat`, but that did not succeed.

`==` (double equals) instead of `===` (triple equals). PHP interprets strings with only numbers and an `e` in them as float number format strings (numerical strings). If you use `==` in PHP, when you compare a number with a string or the comparison involves numerical strings, then each string is converted to a number and the comparison is performed numerically.

`0e` followed by only digits then when it is compared to the stored hash, it will evaluate to true. Both of the strings are converted to `0` when compared with `==`. If you want to compare them as strings, you should use `===` (strict comparison) instead. More info: https://stackoverflow.com/a/22140266

`0e` and contains only digits after that. It took about 3 minutes 30 seconds to find a valid password doing about 600,000 to 700,000 attempts per second. The discovered password was `acpgvxjy` and entering it into the site displays the flag.

`theLOOSEtheMATH&theTRUTHY`
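The loose comparison described above, next to a strict check and a small audit helper, as an added example that is not code from the challenge. It assumes MD5 purely for illustration (the page does not name the hash algorithm); the function names are hypothetical and the two sample inputs are widely published MD5 "magic hash" strings.

```php
<?php
declare(strict_types=1);

// Assumption: MD5 is used only for illustration; the page does not name the hash.
// Both sample inputs are widely published strings whose MD5 digest is
// "0e" followed by digits only.
const STORED_PASSWORD = '240610708'; // stands in for the account's real password
const OTHER_PASSWORD  = 'QNKCDZO';   // a different, unrelated string

// Vulnerable: == sees two numeric strings and compares them as floats,
// and 0e<digits> parses as 0 * 10^n = 0.0 on both sides.
function login_loose(string $storedHash, string $candidate): bool
{
    return md5($candidate) == $storedHash;
}

// Hardened: hash_equals() compares the digests as strings, in constant time.
// A plain === also fixes the type juggling, without the timing property.
function login_strict(string $storedHash, string $candidate): bool
{
    return hash_equals($storedHash, md5($candidate));
}

// Audit helper: flags stored digests that collapse to 0 under ==.
function is_magic_hash(string $hash): bool
{
    return preg_match('/^0e\d+$/', $hash) === 1;
}

$stored    = md5(STORED_PASSWORD);
$candidate = md5(OTHER_PASSWORD);

printf("stored digest    : %s\n", $stored);
printf("candidate digest : %s\n", $candidate);
printf("digests identical: %s\n", var_export($stored === $candidate, true));
printf("magic-hash shape : %s\n", var_export(is_magic_hash($stored), true));
printf("loose  (==)      : %s\n", var_export(login_loose($stored, OTHER_PASSWORD), true));
printf("strict           : %s\n", var_export(login_strict($stored, OTHER_PASSWORD), true));
```

Running `is_magic_hash()` over a table of stored digests shows which accounts are exposed while a loose comparison is still deployed.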