
Boring Lottery (枯燥的抽奖)

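The page sends its request to check.php.
Write a script that turns the visible part of the string into php_mt_seed input: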
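<?php
// Charset the challenge draws from, and the 10 characters it reveals.
$str_long1 = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$str_show = 'faANNqh47O';
// php_mt_seed takes four numbers per output: "min max range_min range_max".
// min and max are both the character's index in the charset; 0..61 is the
// range that was passed to mt_rand().
for ($value = 0; $value < strlen($str_show); $value++) {
    $idx = strpos($str_long1, substr($str_show, $value, 1));
    echo $idx . ' ' . $idx . ' 0 61 ';
}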
Brute-force the seed with php_mt_seed.
Then plug the recovered seed into a script and the full string comes out:
<?php
// Re-seed with the value recovered by php_mt_seed and replay the generation.
mt_srand(50560444);
$str_long1 = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$str = '';
$len1 = 20;
for ($i = 0; $i < $len1; $i++) {
    $str .= substr($str_long1, mt_rand(0, strlen($str_long1) - 1), 1);
}
echo $str;
?>
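The catch in this challenge is that the PHP version must be 7.1 or later. I tried it with 5.6 and fell right into that trap. Really annoying; I wasn't careful enough.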
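
To make the version note above concrete, here is an added example (not code from the original write-up) that re-implements in Python what PHP 7.1+ does for mt_srand($seed) and mt_rand($min, $max): standard MT19937 followed by a rejection-sampled modulo. PHP before 7.1 used a different reload step and scaled the output into the range, so the same seed produces a different string there. The names PhpMt and lottery_string are assumptions made for illustration.

```python
CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
MASK = 0xFFFFFFFF

class PhpMt:
    """MT19937 seeded like mt_srand(int) on PHP >= 7.1 (illustrative name)."""
    def __init__(self, seed):
        self.s = [seed & MASK]
        for i in range(1, 624):
            p = self.s[-1]
            self.s.append((1812433253 * (p ^ (p >> 30)) + i) & MASK)
        self.i = 624                      # force a reload before first output

    def _reload(self):
        s = self.s
        for k in range(624):
            y = (s[k] & 0x80000000) | (s[(k + 1) % 624] & 0x7FFFFFFF)
            s[k] = s[(k + 397) % 624] ^ (y >> 1) ^ (0x9908B0DF if y & 1 else 0)
        self.i = 0

    def next32(self):
        """One tempered 32-bit output (PHP's internal php_mt_rand())."""
        if self.i >= 624:
            self._reload()
        y = self.s[self.i]
        self.i += 1
        y ^= y >> 11
        y ^= (y << 7) & 0x9D2C5680
        y ^= (y << 15) & 0xEFC60000
        return y ^ (y >> 18)

    def mt_rand(self, lo, hi):
        """mt_rand(lo, hi) for spans that fit in 32 bits (assumption)."""
        span = hi - lo + 1
        r = self.next32()
        if span & (span - 1) == 0:        # power of two: mask, no bias
            return lo + (r & (span - 1))
        limit = MASK - (MASK % span) - 1  # reject values above this bound
        while r > limit:
            r = self.next32()
        return lo + r % span

def lottery_string(seed, length=20):
    """Replay the write-up's second script for a given seed."""
    mt = PhpMt(seed)
    return "".join(CHARSET[mt.mt_rand(0, len(CHARSET) - 1)] for _ in range(length))

if __name__ == "__main__":
    s = lottery_string(50560444)          # seed taken from the write-up
    print(s, s.startswith("faANNqh47O"))  # compare with the shown prefix
```

The whole string is a function of one 32-bit seed, which is why revealing part of it exposes the rest; values that must stay unpredictable should come from random_int() instead.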