利用工具 php_mt_seed
<?php
// php 7.2
function white_list() {
return mt_rand();
}
echo white_list(), "\n";
echo white_list(), "\n";
echo white_list(), "\n";
输入命令:
./php_mt_seed 1035656029
<?php
mt_srand(1810951568);//手工播种
echo mt_rand() . " ";
echo mt_rand() . " ";
echo mt_rand() . " ";
1.
opAvIkKEuk
<?php
#这不是抽奖程序的源代码!不许看!
header("Content-Type: text/html;charset=utf-8");
session_start();
if(!isset($_SESSION['seed'])){
$_SESSION['seed']=rand(0,999999999);
}
mt_srand($_SESSION['seed']);
$str_long1 = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$str='';
$len1=20;
for ( $i = 0; $i < $len1; $i++ ){
$str.=substr($str_long1, mt_rand(0, strlen($str_long1) - 1), 1);
}
$str_show = substr($str, 0, 10);
echo "<p id='p1'>".$str_show."</p>";
if(isset($_POST['num'])){
if($_POST['num']===$str){
echo "<p id=flag>抽奖,就是那么枯燥且无味,给你flag{xxxxxxxxx}</p>";
}
else{
echo "<p id=flag>没抽中哦,再试试吧</p>";
}
}
show_source("check.php");
反向解密出时间序列
<?php
$pass_now = "lNWTvHufgV";
$allowable_characters = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$len = strlen($allowable_characters) - 1;
for($j = 0; $j < strlen($pass_now); $j++)
{
for ($i = 0; $i < $len; $i++) {
if($pass_now[$j] == $allowable_characters[$i])
{
echo "$i $i 0 61 ";
break;
}
}
?>
.
echo "$i $i 0 61 ";
这么构造是因为使用工具的时候若有多个参数,每四个一组,前两个参数表示mt_rand第一次输出的区间,后两个参数表示mt_rand输出的区间
所以前两个就是都是$i
后面两个就是$allowable_characters 的长度有关,这里长度为62,所以是0
61
再用种子跑