[GWCTF 2019]枯燥的抽奖 1——php_mt_seed

又是一道php伪随机数 记录它不是因为难 而是看到wp里有个比较好的脚本
遂收藏一波
(上一次做伪随机数的脚本都找不到了QWQ 编程能力是硬伤QWQ tcl)

#这不是抽奖程序的源代码！不许看！
# pjfW4HxlYF
header("Content-Type: text/html;charset=utf-8");
session_start();
if(!isset($_SESSION['seed'])){
     
$_SESSION['seed']=rand(0,999999999);
}

mt_srand($_SESSION['seed']);
$str_long1 = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$str='';
$len1=20;
for ( $i = 0; $i < $len1; $i++ ){
     
    $str.=substr($str_long1, mt_rand(0, strlen($str_long1) - 1), 1);       
}
$str_show = substr($str, 0, 10);
echo "
".$str_show."
";


if(isset($_POST['num'])){
     
    if($_POST['num']===$str){
     x
        echo "
抽奖，就是那么枯燥且无味，给你flag{xxxxxxxxx}
";
    }
    else{
     
        echo "
没抽中哦，再试试吧
";
    }
}
show_source("check.php");

str1='abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'
str2='pjfW4HxlYF'
str3 = str1[::-1]
length = len(str2)
res=''
for i in range(len(str2)):  
    for j in range(len(str1)):
        if str2[i] == str1[j]:
            res+=str(j)+' '+str(j)+' '+'0'+' '+str(len(str1)-1)+' '
            break
print(res)

爆破种子

用爆破出来的种子重新跑一遍php

 
mt_srand(959242927);
$str_long1 = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$str='';
$len1=20;
for ( $i = 0; $i < $len1; $i++ ){
     
    $str.=substr($str_long1, mt_rand(0, strlen($str_long1) - 1), 1);       
}
echo "
".$str."
";