Using the php_mt_seed tool
<?php
// php 7.2
function white_list() {
    return mt_rand();
}
echo white_list(), "\n";
echo white_list(), "\n";
echo white_list(), "\n";
Run the command:
./php_mt_seed 1035656029
<?php
mt_srand(1810951568); // seed manually
echo mt_rand() . " ";
echo mt_rand() . " ";
echo mt_rand() . " ";
1.
opAvIkKEuk
<?php
# This is not the lottery program's source code! No peeking!
header("Content-Type: text/html;charset=utf-8");
session_start();
if (!isset($_SESSION['seed'])) {
    $_SESSION['seed'] = rand(0, 999999999);
}
mt_srand($_SESSION['seed']);
$str_long1 = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$str = '';
$len1 = 20;
for ($i = 0; $i < $len1; $i++) {
    $str .= substr($str_long1, mt_rand(0, strlen($str_long1) - 1), 1);
}
$str_show = substr($str, 0, 10);
echo "<p id='p1'>".$str_show."</p>";
if (isset($_POST['num'])) {
    if ($_POST['num'] === $str) {
        echo "<p id=flag>抽奖,就是那么枯燥且无味,给你flag{xxxxxxxxx}</p>";
    } else {
        echo "<p id=flag>没抽中哦,再试试吧</p>";
    }
}
show_source("check.php");
Work backwards from the displayed string to recover the sequence of mt_rand outputs
<?php
$pass_now = "lNWTvHufgV";
$allowable_characters = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$len = strlen($allowable_characters) - 1; // highest index (61)
for ($j = 0; $j < strlen($pass_now); $j++) {
    for ($i = 0; $i <= $len; $i++) { // <= so index 61 ('Z') is also matched
        if ($pass_now[$j] == $allowable_characters[$i]) {
            echo "$i $i 0 61 ";
            break;
        }
    }
}
?>
echo "$i $i 0 61 ";
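The output is built this way because, when the tool is given multiple arguments, it reads them in groups of four, one group per successive mt_rand call: the first two arguments give the interval that the observed mt_rand output falls in, and the last two give the range (min and max) passed to mt_rand.
So the first two are both $i, because the output is known exactly.
The last two depend on the length of $allowable_characters; the length here is 62, so they are 0 and 61.
Then run the generator again with the recovered seed.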
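
The last step above, as an added example that is not part of the original page: re-running the generation loop of check.php with a candidate seed, checking it against the 10 displayed characters, and a token generator based on random_int() for comparison. The function names and the seed value are constructed for illustration; the seed is not the one from the challenge.

```php
<?php
// Added example; function names and the sample seed are constructed.
const ALPHABET = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';

// Same loop as check.php: the whole 20-character string depends only on the seed.
function token_from_seed(int $seed, int $len = 20): string
{
    mt_srand($seed);
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= substr(ALPHABET, mt_rand(0, strlen(ALPHABET) - 1), 1);
    }
    return $out;
}

// php_mt_seed can report more than one candidate seed; keep only a seed
// whose first 10 characters equal the string the page displayed.
function seed_matches(int $seed, string $shown): bool
{
    return substr(token_from_seed($seed), 0, strlen($shown)) === $shown;
}

// Hardened form: random_int() draws from the OS CSPRNG, so there is no
// seed to recover and the visible half says nothing about the hidden half.
function token_csprng(int $len = 20): string
{
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= substr(ALPHABET, random_int(0, strlen(ALPHABET) - 1), 1);
    }
    return $out;
}

$seed  = 123456789;                       // constructed sample seed
$full  = token_from_seed($seed);
$shown = substr($full, 0, 10);            // what check.php would display

echo "shown:  $shown\n";
echo "hidden: ", substr($full, 10), "\n"; // fully determined by the seed
var_dump(seed_matches($seed, $shown));
var_dump(token_from_seed($seed) === $full);
echo "csprng: ", token_csprng(), "\n";
```

mt_rand output depends on the PHP version (the algorithm changed in PHP 7.1), so the check has to run on the same major version as the target.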