**TLDR**: CRYPT_BLOWFISH truncates passwords after 72 bytes allowing arbitrary data to be added without changing the resulting hash. This can be abused in this case to perform an LFI to read the flag.

Original writeup (https://www.norelect.ch/writeups/insomnihack2025/hawkta/).