一次poc上引发的小问题(已解决！)

发表于2023-05-10 | 更新于 2023-05-10 | CTF

| 字数总计: 1670 | 阅读时长: 1分钟 | 阅读量: 1391

疑问来源于[N1CTF 2018]easy_harder_php

在爆破Code(substr(md5(?), 0, 5) === 35ae7):时我采用了go语言爆破

function rand_s($length = 8)
{
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_ []{}<>~`+=,.;:/?|';
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= $chars[mt_rand(0, strlen($chars) - 1)];
    }
    return $password;
}

随机数脚本如上
在调用时可以根据view/register知道调用了rand_s(3)所以是三位
根据加密写脚本

package main

import (
    "crypto/md5"
    "encoding/hex"
    "fmt"
    "runtime"
    "sync"
    "time"
)

var (
    chars = []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_ []{}<>~`+=,.;:/?|")
    wg    sync.WaitGroup
)

func sha(s []byte) {
    target := "64581"
    for _, ch1 := range chars {
        for _, ch2 := range chars {
            for _, ch3 := range chars {
                a := []byte{ch1, ch2, ch3}
                hash := md5.Sum(a)
                hashStr := hex.EncodeToString(hash[:])
                if hashStr[:5] == target {
                    fmt.Println(string(a))
                }
            }
        }
    }
    wg.Done()
}

func main() {
    threads := runtime.NumCPU() // 获取cpu逻辑核心数（包括超线程）
    start := time.Now()

    /* len(chars) = sum * sthreads + (sum+1) * (threads-sthreads) */
    snum := len(chars) / threads
    sthreads := threads*(1+snum) - len(chars)

    wg.Add(threads)
    for i := 0; i < threads; i++ {
        if i < sthreads {
            go sha(chars[snum*i : snum*(i+1)])
        } else {
            base := snum * sthreads
            go sha(chars[base+(snum+1)*(i-sthreads) : base+(snum+1)*(i-sthreads+1)])
        }
    }
    wg.Wait()
    end := time.Since(start)
    fmt.Println(end)
}

但是不知道为什么失败了，希望有大佬能指正一下哪里出了问题