It looks like this site[1] uses MD5 to hash passwords, but I don't think they're doing it quite right... Hint: Look at the PHP md5 function. What does it do when the second argument is True, and how can you make use of that? [1]https://2013.picoctf.com/problems/php3/