Tags: md5 web 

Rating:

Hitting the the url provided we are greated with a php highlited file:

```
1
```

So we need to provide a GET call with the parameter of md5 and the value needs to equal 3 chars and when md5'd needs to equal the float value of the passed value. This will then highlight the flag.php file, if we fail to get flag.php we are given the md5 sum of the value passed.

We could bruteforce this with requests and regex for radar{ but before going down that route I tested a couple of values by hand, as luck would have it - third time lucky --:

`http://blackfoxs.org/radar/md5play/?md5=xa.`

Resulting in :

```
1
```

Cy6erDApril 7, 2019, 7:31 a.m.

++