[GWCTF 2019] 枯燥的抽奖 (Boring Lottery)
Involves PHP pseudo-random numbers
mt_srand()
mt_rand()
mt_srand(seed) sets the seed.
mt_rand() generates random numbers from that seed.
Convert the key
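# Character set the challenge draws from, and the known part of the key
str1 = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'
str2 = 'w6Tv3Dw8xk'
str3 = str1[::-1]  # not used below
length = len(str2)  # not used below
res = ''
for i in range(len(str2)):
    for j in range(len(str1)):
        if str2[i] == str1[j]:
            # Four numbers per character: index, index, 0, len(str1) - 1,
            # i.e. mt_rand(0, 61) returned exactly j
            res += str(j) + ' ' + str(j) + ' ' + '0' + ' ' + str(len(str1) - 1) + ' '
            break
print(res)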
Brute-force the seed
Recover the data from the seed
Seed under PHP 7.1.0+: 981623126
<?php
mt_srand(981623126);
$str_long1 = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$str = '';
$len1 = 20;
for ($i = 0; $i < $len1; $i++) {
    $str .= substr($str_long1, mt_rand(0, strlen($str_long1) - 1), 1);
}
echo $str;
# Outputs w6Tv3Dw8xkyo8M3VBT6Y, whose first 10 characters match the original exactly
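
Added example (not part of the original write-up): a Python re-implementation of PHP 7.1.0+ mt_srand() / mt_rand(min, max), showing that the 10 visible characters pin down the 32-bit seed and, with it, the remaining characters. The names PhpMt, token and find_seed are made up for this example; find_seed only scans a small window around the seed above, because a full 2^32 search is too slow in pure Python.

```python
# Added example: PHP >= 7.1 mt_srand()/mt_rand(min, max) re-implemented in Python.
CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"

class PhpMt:
    def __init__(self, seed):
        # mt_srand(seed): standard MT19937 seeding (init_genrand)
        s = [seed & 0xFFFFFFFF]
        for i in range(1, 624):
            s.append((1812433253 * (s[-1] ^ (s[-1] >> 30)) + i) & 0xFFFFFFFF)
        self.s, self.i = s, 624  # forces a twist before the first output

    def raw(self):
        # One full 32-bit output: twist when the state is used up, then temper
        if self.i == 624:
            s = self.s
            for k in range(624):
                y = (s[k] & 0x80000000) | (s[(k + 1) % 624] & 0x7FFFFFFF)
                s[k] = s[(k + 397) % 624] ^ (y >> 1) ^ (0x9908B0DF if y & 1 else 0)
            self.i = 0
        y = self.s[self.i]
        self.i += 1
        y ^= y >> 11
        y ^= (y << 7) & 0x9D2C5680
        y ^= (y << 15) & 0xEFC60000
        return y ^ (y >> 18)

    def rand_range(self, lo, hi):
        # mt_rand(lo, hi): redraw values above the limit, then reduce modulo n
        n = hi - lo + 1
        r = self.raw()
        if n & (n - 1) == 0:  # power-of-two range needs no rejection
            return lo + (r & (n - 1))
        limit = 0xFFFFFFFF - (0xFFFFFFFF % n) - 1
        while r > limit:
            r = self.raw()
        return lo + r % n

def token(seed, length):
    # Same loop as the PHP snippet above: one mt_rand(0, 61) per character
    mt = PhpMt(seed)
    return "".join(CHARSET[mt.rand_range(0, len(CHARSET) - 1)] for _ in range(length))

def find_seed(prefix, start, stop):
    # Return the first seed in [start, stop) whose token starts with prefix
    for seed in range(start, stop):
        if token(seed, len(prefix)) == prefix:
            return seed
    return None

if __name__ == "__main__":
    print(token(981623126, 20))
```

Because every character is a deterministic function of one 32-bit seed, a value that must stay secret should be generated with random_bytes() or random_int() instead of mt_rand().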