PHP series 4
Medium | Web Security
Overview
Scenario
A PHP-based admin authentication system validates access using an MD5 hash of a static salt concatenated with the user-supplied token. The application checks whether that hash matches one of several precomputed values.
However, the validation relies on PHP's loose comparison (==) rather than a strict comparison, which changes how hash strings that look numeric are evaluated and can make distinct hashes compare as equal. Additionally, the application exposes its source code through a dedicated endpoint, giving insight into its internal logic, including the salt and the precomputed values.
Objective
Analyze the authentication mechanism, identify weaknesses in the validation logic, and gain admin access to retrieve the flag.
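As an added example (not the challenge's source code), the PHP below shows why comparing MD5 digests with == is unsafe and what the strict form looks like. The salt, the allow-list and the "ordinary" stored digest are assumed values constructed for illustration; the two inputs 240610708 and QNKCDZO and their digests are well-known values whose MD5 has the form "0e" followed only by digits.

```php
<?php
// Added example, not the challenge's source. The salt, allow-list and
// the non-magic stored digest below are assumed values for illustration.
declare(strict_types=1);

// Two well-known inputs whose MD5 digests have the form "0e" + digits.
// PHP treats such strings as numeric (0 * 10^N = 0), so under loose
// comparison (==) they compare equal to each other, and to "0".
$magic1 = md5('240610708'); // 0e462097431906509019562988736854
$magic2 = md5('QNKCDZO');   // 0e830400451993494058024219903391

var_dump($magic1 == $magic2);             // bool(true): both numeric strings, 0 == 0
var_dump($magic1 === $magic2);            // bool(false): byte-for-byte different
var_dump(hash_equals($magic1, $magic2));  // bool(false): strict and constant-time

// Flags a digest that PHP would treat as a numeric string equal to zero.
function is_magic_hash(string $digest): bool
{
    return preg_match('/^0e[0-9]+$/', $digest) === 1;
}

// Vulnerable shape from the scenario: static salt, MD5, loose comparison
// against precomputed values. Any stored value of the "0e..." form matches
// every candidate whose salted digest is also of that form.
function is_admin_loose(string $token, string $salt, array $allowed): bool
{
    $digest = md5($salt . $token);
    foreach ($allowed as $stored) {
        if ($digest == $stored) {       // loose: numeric-string juggling applies
            return true;
        }
    }
    return false;
}

// Hardened: strict, constant-time comparison. An in_array() lookup would
// need its third argument set to true for the same reason.
function is_admin_strict(string $token, string $salt, array $allowed): bool
{
    $digest = md5($salt . $token);
    foreach ($allowed as $stored) {
        if (hash_equals($stored, $digest)) {
            return true;
        }
    }
    return false;
}

// Assumed allow-list: an ordinary digest plus one that happens to be magic.
$allowed = [
    '5f4dcc3b5aa765d9d8b3b2cf9c90c22d', // md5('password'), assumed ordinary entry
    $magic1,
];

// First thing to do with exposed source: audit the stored values.
foreach ($allowed as $stored) {
    printf("%s magic=%s\n", $stored, is_magic_hash($stored) ? 'yes' : 'no');
}

// Shown with an empty salt so the result can be checked by hand: QNKCDZO's
// digest is not in the list, yet the loose check accepts it and the strict
// check does not. With a real static salt the attacker instead needs a
// token whose salted digest is itself of the "0e..." form, which is a
// brute-force search over the token space.
var_dump(is_admin_loose('QNKCDZO', '', $allowed));   // bool(true)
var_dump(is_admin_strict('QNKCDZO', '', $allowed));  // bool(false)
```

The practical review checks are therefore: whether any precomputed value matches /^0e[0-9]+$/, and whether the comparison is ==, in_array() without strict mode, or a switch statement (all loose) instead of ===, in_array(..., true) or hash_equals().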
Infrastructure PHP Web Application
Provided Files Delivered via web interface
Flag Format Flag{}
Job Positions
Penetration Tester
Tags
Php, Broken Access Control, Source Code Review, Logic Flaw, Confusion Attacks