Script to recover mt_rand()'s seed with only two outputs and without any bruteforce.
☆162Jan 6, 2020Updated 6 years ago
Alternatives and similar repositories for mt_rand-reverse
Users that are interested in mt_rand-reverse are comparing it to the libraries listed below
Sorting:
- My Real World CTF challenges☆115Sep 19, 2019Updated 6 years ago
- My CTF Challenges☆216Jan 4, 2026Updated last month
- Pwn stuff.☆1,805May 31, 2022Updated 3 years ago
- ☆119Mar 21, 2020Updated 5 years ago
- Multi-language web CGI interfaces exploits.☆399Aug 22, 2022Updated 3 years ago
- a simple tool to detect potential security threat in php code☆316Sep 9, 2024Updated last year
- ☆17May 29, 2018Updated 7 years ago
- Challenges I created for 35c3☆48Dec 31, 2018Updated 7 years ago
- ☆19Aug 1, 2019Updated 6 years ago
- procfs-based PHP sandbox bypass☆133Sep 19, 2018Updated 7 years ago
- Bypassing disabled exec functions in PHP (c) CRLF☆406Oct 2, 2020Updated 5 years ago
- Those are my challenges for multiple CTF!☆10Mar 17, 2024Updated last year
- ☆131Jun 17, 2022Updated 3 years ago
- ☆41Nov 9, 2018Updated 7 years ago
- MySQL fake server for read files of connected clients☆605Jul 23, 2017Updated 8 years ago
- Some of my exploits.☆600Feb 25, 2021Updated 5 years ago
- Writeup and environment for XCTF2021Final-Dubbo☆44May 31, 2021Updated 4 years ago
- PHP 扩展, 用于 PHP-FPM、FastCGI、LD_PRELOAD等模式下突破 disabled_functions☆106Sep 8, 2021Updated 4 years ago
- 针对ctf线下赛流量抓取(php)、真实环境流量抓取分析的工具☆742Jun 2, 2023Updated 2 years ago
- Code-Breaking Puzzles☆292Apr 6, 2025Updated 10 months ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- CVE-2020-8163 - Remote code execution of user-provided local names in Rails☆61Dec 14, 2022Updated 3 years ago
- PHP Runtime Vulnerability Detection☆480May 25, 2019Updated 6 years ago
- writeups for our challenges☆147Dec 11, 2022Updated 3 years ago
- PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.☆3,753Sep 29, 2025Updated 5 months ago
- 用WebShell攻击PHP-FPM Attacking PHP-FPM with WebShell☆41May 6, 2021Updated 4 years ago
- ☆34Nov 4, 2018Updated 7 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆357Sep 20, 2022Updated 3 years ago
- 一个各种方式突破Disable_functions达到命令执行的shell☆1,198Oct 17, 2023Updated 2 years ago
- PoC for CVE-2018-15133 (Laravel unserialize vulnerability)☆260Mar 10, 2024Updated last year
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆613Mar 4, 2021Updated 4 years ago
- MySQL JDBC Deserialization Payload / MySQL客户端jdbc反序列化漏洞payload☆13Feb 8, 2020Updated 6 years ago
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆212May 19, 2020Updated 5 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,079Jun 15, 2021Updated 4 years ago
- docker images☆13Oct 23, 2017Updated 8 years ago
- Service Worker 安全探索☆74Nov 5, 2018Updated 7 years ago
- ☆835Jun 7, 2022Updated 3 years ago
- 为应对CTF比赛而搭建的各种环境☆154May 9, 2020Updated 5 years ago
- 一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静…☆458Mar 24, 2022Updated 3 years ago