web php mt-rand prng predictable-token filename

Recover the mt_rand() state from observed outputs to predict upload names, tokens, or reset artifacts.

Predictable mt_rand() for Generated Filenames

mt_rand() is not cryptographically secure: its internal state has historically been recoverable from enough observed output, or by searching a small enough seed space.

Why It Works

  • Names/tokens built from mt_rand() (instead of random_bytes()) are predictable once you recover the seed/state.

Vulnerable Pattern

  • Upload names, UUID-like tokens, or password-reset artifacts built from mt_rand().
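
The vulnerable pattern beside a hardened form, as an added example that is not from the original page or the referenced challenge. The function names, the filename format and the seed value are assumptions constructed for illustration.

```php
<?php
// Added example: all names and the filename format are hypothetical.

// Vulnerable pattern: the name is a pure function of the Mersenne Twister state.
function weak_upload_name(string $ext): string
{
    return sprintf('%08x%08x.%s', mt_rand(), mt_rand(), $ext);
}

// Hardened form: 128 bits from the OS CSPRNG, independent of mt_rand() state.
function strong_upload_name(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Reseed mt_rand() with $seed, then generate $count names with $gen.
function names_for_seed(callable $gen, int $seed, int $count): array
{
    mt_srand($seed);
    $out = [];
    for ($i = 0; $i < $count; $i++) {
        $out[] = $gen('png');
    }
    return $out;
}

$seed = 20260101; // constructed sample seed

$weakA   = names_for_seed('weak_upload_name', $seed, 3);
$weakB   = names_for_seed('weak_upload_name', $seed, 3);
$strongA = names_for_seed('strong_upload_name', $seed, 3);
$strongB = names_for_seed('strong_upload_name', $seed, 3);

// The weak generator replays the same names whenever the state is the same,
// which is why a recovered state exposes every later name.
printf("weak names repeat across runs:   %s\n", $weakA === $weakB ? 'yes' : 'no');

// random_bytes() is unaffected by mt_srand(), so reseeding changes nothing.
printf("strong names repeat across runs: %s\n", $strongA === $strongB ? 'yes' : 'no');

// mt_rand() yields at most 31 bits per call, so the 16 hex digits of the weak
// name look stronger than they are.
printf("weak:   %s\nstrong: %s\n", $weakA[0], $strongA[0]);
```

The same substitution applies to tokens and reset artifacts: generate them with random_bytes() or random_int() rather than mt_rand().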

Exploit Flow

  1. Gather observed outputs.
  2. Infer the exact generation pattern.
  3. Use a state-recovery / seed-recovery approach to predict future values.

Variations

  • File IDs, numeric confirmation codes, weak UUIDv4 emulations, or mixed deterministic formats.

Common Blockers

  • Not enough observable outputs, or the app mixing extra entropy between mt_rand() calls.

PoC Sketch

# recover PRNG state with php_mt_seed, then predict future upload names
# after observing a few generated values

Good Situations To Use It

  • Filenames/tokens are derived from mt_rand().
  • You can observe several generated values.
  • No extra entropy is mixed in.

Sources

  • fcsc2026/web/deep_blue