Script to recover mt_rand()'s seed with only two outputs and without any bruteforce.
☆161Jan 6, 2020Updated 6 years ago
Alternatives and similar repositories for mt_rand-reverse
Users that are interested in mt_rand-reverse are comparing it to the libraries listed below
Sorting:
- My Real World CTF challenges☆115Sep 19, 2019Updated 6 years ago
- My CTF Challenges☆216Jan 4, 2026Updated 2 months ago
- Pwn stuff.☆1,804May 31, 2022Updated 3 years ago
- a simple tool to detect potential security threat in php code☆316Sep 9, 2024Updated last year
- Multi-language web CGI interfaces exploits.☆399Aug 22, 2022Updated 3 years ago
- ☆17May 29, 2018Updated 7 years ago
- ☆119Mar 21, 2020Updated 6 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- procfs-based PHP sandbox bypass☆133Sep 19, 2018Updated 7 years ago
- Those are my challenges for multiple CTF!☆10Mar 17, 2024Updated 2 years ago
- Writeup and environment for XCTF2021Final-Dubbo☆44May 31, 2021Updated 4 years ago
- Challenges I created for 35c3☆48Dec 31, 2018Updated 7 years ago
- PHP 扩展, 用于 PHP-FPM、FastCGI、LD_PRELOAD等模式下突破 disabled_functions☆107Sep 8, 2021Updated 4 years ago
- Code-Breaking Puzzles☆292Apr 6, 2025Updated 11 months ago
- MySQL fake server for read files of connected clients☆606Jul 23, 2017Updated 8 years ago
- Some of my exploits.☆601Feb 25, 2021Updated 5 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- Bypassing disabled exec functions in PHP (c) CRLF☆405Oct 2, 2020Updated 5 years ago
- CVE-2020-8163 - Remote code execution of user-provided local names in Rails☆61Dec 14, 2022Updated 3 years ago
- 针对ctf线下赛流量抓取(php)、真实环境流量抓取分析的工具☆741Jun 2, 2023Updated 2 years ago
- PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.☆3,768Sep 29, 2025Updated 5 months ago
- ☆19Aug 1, 2019Updated 6 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆357Sep 20, 2022Updated 3 years ago
- 一个各种方式突破Disable_functions达到命令执行的shell☆1,198Oct 17, 2023Updated 2 years ago
- writeups for our challenges☆147Dec 11, 2022Updated 3 years ago
- PHP Runtime Vulnerability Detection☆480May 25, 2019Updated 6 years ago
- PoC for CVE-2018-15133 (Laravel unserialize vulnerability)☆260Mar 10, 2024Updated 2 years ago
- ☆78Feb 16, 2020Updated 6 years ago
- 为应对CTF比赛而搭建的各种环境☆154May 9, 2020Updated 5 years ago
- MySQL JDBC Deserialization Payload / MySQL客户端jdbc反序列化漏洞payload☆13Feb 8, 2020Updated 6 years ago
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆212May 19, 2020Updated 5 years ago
- 用WebShell攻击PHP-FPM Attacking PHP-FPM with WebShell☆41May 6, 2021Updated 4 years ago
- ☆835Jun 7, 2022Updated 3 years ago
- MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize☆1,362Nov 18, 2021Updated 4 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆612Mar 4, 2021Updated 5 years ago
- some java code i met or i used☆29May 7, 2019Updated 6 years ago
- attackRmi☆258Oct 14, 2020Updated 5 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,080Jun 15, 2021Updated 4 years ago
- Exploit for CVE-2019-11043☆1,834Nov 12, 2019Updated 6 years ago