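[Web] easyseed - Donek1

xp0int Posted on Sep 6 2020

A directory scan turns up a backup file, index.bak.

![title](https://leanote.com/api/file/getImage?fileId=5f485767ab64414f970010c9)

The code uses mt_rand to generate its random numbers. This is a fairly old trick: brute-force the seed, reproduce all of the random numbers, and you obtain the key that corresponds to the lock.

Here php_mt_seed is used for the brute force. First, use a script to generate the input it needs:

```php
<?php
// Known output (the lock) and the character set it was drawn from.
$pass_now = "vEUHaY";
$allowable_characters = 'abcdefghigklmnopqrstuvwxyzABCDEFGHIGKLMNOPQRSTUVWXYZ';
$len = strlen($allowable_characters) - 1;

// For each character, print one php_mt_seed group:
// "<min match> <max match> <range min> <range max>".
for ($j = 0; $j < strlen($pass_now); $j++) {
    // <= so that the last character of the set (index 51) is also checked
    for ($i = 0; $i <= $len; $i++) {
        if ($pass_now[$j] == $allowable_characters[$i]) {
            echo "$i $i 0 51 ";
            break;
        }
    }
}
```

Brute-force with php_mt_seed:

![title](https://leanote.com/api/file/getImage?fileId=5f4857b1ab64414f970010cb)

Get the key:

```php
<?php
// Seed recovered by php_mt_seed.
mt_srand(718225);
// Prints one index in the range 0..61, followed by a comma.
echo mt_rand(0,61).",";
```

```python
# Map the indices printed by PHP back to characters.
a1 = "abcdefghigklmnopqrstuvwxyzABCDEFGHIGKLMNOPQRSTUVWXYZ"
b1 = "1294567890abcdefghigklmnopqrstuvwxyzABCDEFGHIGKLMNOPQRSTUVWXYZ"
print(len(a1))
print(len(b1))
print()
key1 = "vEUHaY"
aaa = '23,53,29,26,42,53,7,22,29,13,2,61,50,51,34,44'.split(",")
st = ''
for i in aaa:
    st += b1[int(i)]
print(st)
```

![title](https://leanote.com/api/file/getImage?fileId=5f4857cfab644151d600118c)

flag: flag{6e5b51029a9a9ccd6d6b0f9ala58c494}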
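The weakness behind this write-up, as an added example that is not the challenge's index.bak: a displayed value and a hidden value drawn from one mt_rand stream are both replayed by re-seeding, while the random_int variant is not affected by the seed. The function names and the seed 12345 are constructed for illustration; the character set is the 62-character string from the write-up.

```php
<?php
// Added example; constructed code, not the challenge's index.bak.
// CHARSET is the 62-character string used in the write-up above.
const CHARSET = '1294567890abcdefghigklmnopqrstuvwxyzABCDEFGHIGKLMNOPQRSTUVWXYZ';

// Weak: every character is an mt_rand() output, so the whole string is a
// function of the 32-bit seed and of how many values were drawn before it.
function weak_token(int $length): string
{
    $max = strlen(CHARSET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= CHARSET[mt_rand(0, $max)];
    }
    return $out;
}

// Hardened: random_int() draws from the OS CSPRNG and ignores mt_srand().
function strong_token(int $length): string
{
    $max = strlen(CHARSET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= CHARSET[random_int(0, $max)];
    }
    return $out;
}

// Draw a displayed value and a hidden value from the current generator state.
function issue_pair(callable $gen): array
{
    return ['shown' => $gen(6), 'hidden' => $gen(16)];
}

const SEED = 12345; // constructed seed, arbitrary

mt_srand(SEED);
$first = issue_pair('weak_token');
mt_srand(SEED); // same seed, same stream
$replay = issue_pair('weak_token');
echo 'weak hidden value replayed:   ';
var_dump($first['hidden'] === $replay['hidden']);

mt_srand(SEED);
$first = issue_pair('strong_token');
mt_srand(SEED); // has no effect on random_int()
$replay = issue_pair('strong_token');
echo 'strong hidden value replayed: ';
var_dump($first['hidden'] === $replay['hidden']);
```

The weak pair matches on every run because the seed fixes the whole stream; the random_int pair matches only by negligible chance.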