collision

1. ls -la and file commands tell us there are three files:

2. An executable col

3. A C file: col.c
4. An inaccessible file: flag
5. cat col.c : observing the source code tells us that the program accepts a 20-bytes cmd arg which is converted from const char* to int*, 20 chars giving 5 integers, whose sum is compared to hashcode 0x21DD09EC.
6. 0x21DD09EC is not divisible by 5, so we can write it as 0x06C5CEC8 * 4 + 0x06C5CECC
7. Due to little-endianness, we input the reverse of every 4 bytes:

bash ./col `python -c "print('\xc8\xce\xc5\x06'*4+'\xcc\xce\xc5\x06')"`