- // php 7.2
-
- function white_list() {
-
- return mt_rand();
-
- }
-
- echo white_list(), "\n";
-
- echo white_list(), "\n";
-
- echo white_list(), "\n";
输入命令:
./php_mt_seed 1035656029
-
-
- mt_srand(1810951568);//手工播种
-
- echo mt_rand() . " ";
- echo mt_rand() . " ";
- echo mt_rand() . " ";
1.
- opAvIkKEuk
- #这不是抽奖程序的源代码!不许看!
- header("Content-Type: text/html;charset=utf-8");
- session_start();
- if(!isset($_SESSION['seed'])){
- $_SESSION['seed']=rand(0,999999999);
- }
-
- mt_srand($_SESSION['seed']);
- $str_long1 = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
- $str='';
- $len1=20;
- for ( $i = 0; $i < $len1; $i++ ){
- $str.=substr($str_long1, mt_rand(0, strlen($str_long1) - 1), 1);
- }
- $str_show = substr($str, 0, 10);
- echo "
"
.$str_show.""; -
-
- if(isset($_POST['num'])){
- if($_POST['num']===$str){
- echo "
抽奖,就是那么枯燥且无味,给你flag{xxxxxxxxx}
"; - }
- else{
- echo "
没抽中哦,再试试吧
"; - }
- }
- show_source("check.php");
反向解密出时间序列
- $pass_now = "lNWTvHufgV";
- $allowable_characters = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
- $len = strlen($allowable_characters) - 1;
- for($j = 0; $j < strlen($pass_now); $j++)
- {
- for ($i = 0; $i < $len; $i++) {
- if($pass_now[$j] == $allowable_characters[$i])
- {
- echo "$i $i 0 61 ";
- break;
- }
- }
- ?>
.
echo "$i $i 0 61 ";
这么构造是因为使用工具的时候若有多个参数,每四个一组,前两个参数表示mt_rand第一次输出的区间,后两个参数表示mt_rand输出的区间
所以前两个就是都是$i
后面两个就是$allowable_characters 的长度有关,这里长度为62,所以是0
61
再用种子跑