https://app.hackthebox.com/challenges/227

Description

Are you ready to win lottery? Guess the Random Lotto Numbers. It’s TIME you become a millionaire.

Exploitation

Connect with nc, then run the PoC with the five extracted numbers as arguments.

#!/usr/bin/env python3
from pwn import *
import time, random, sys

def predict(x):
    # Use the local clock as the estimate of the server's seed time.
    seed = int(time.time())
    log.info(f"Target numbers: {x}")
    log.info(f"Current seed: {seed}")
    # Try every second in a window of 600 s either side of the local clock.
    for i in range(seed-600, seed+600, 1):
        random.seed(i)
        extracted = []
        next_five = []
        # Replay the first extraction: five distinct numbers in 1..90.
        while len(extracted) < 5:
            r = random.randint(1, 90)
            if r not in extracted:
                extracted.append(r)
        # Order-insensitive comparison with the numbers shown by the service.
        if sorted(extracted) == sorted(x):
            # Same seed, so the generator now yields the next extraction.
            while len(next_five) < 5:
                r = random.randint(1, 90)
                if r not in next_five:
                    next_five.append(r)
            log.success(f"Found matching seed: {i}")
            log.success(f"Next numbers: {next_five}")
            return next_five
    # No seed in the window reproduced the extraction.
    return None

if __name__ == "__main__":
    context.log_level = 'info'
    if len(sys.argv) != 6:
        print(f"Usage: {sys.argv[0]} num1 num2 num3 num4 num5")
        sys.exit(1)
    target = [int(n) for n in sys.argv[1:6]]
    predict(target)

Summary

RLotto: reconstruct the PRNG state from the leak, replay it, and recover the flag.
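
The root cause and its fix, as an added example that is not part of the original write-up or the challenge source: a time-seeded draw is a pure function of a guessable integer, while a draw from the OS CSPRNG has no seed to enumerate. The function names and the timestamp are constructed, and the draw logic is assumed to match what the PoC above models.

```python
import random
import secrets

def draw(rng, count=5, low=1, high=90):
    """Draw `count` distinct numbers, as the PoC above models the service."""
    picked = []
    while len(picked) < count:
        r = rng.randint(low, high)
        if r not in picked:
            picked.append(r)
    return picked

def weak_rounds(seed):
    """Time-seeded Mersenne Twister: both rounds depend only on the seed."""
    rng = random.Random(seed)
    return draw(rng), draw(rng)

def hardened_rounds():
    """OS CSPRNG via secrets.SystemRandom: no seed exists to search for."""
    rng = secrets.SystemRandom()
    return draw(rng), draw(rng)

def seed_candidates(first_round, around, window=600):
    """Seeds in [around - window, around + window) reproducing first_round."""
    want = sorted(first_round)
    return [s for s in range(around - window, around + window)
            if sorted(draw(random.Random(s))) == want]

if __name__ == "__main__":
    server_seed = 1_700_000_000  # constructed timestamp (assumption)
    shown, secret_next = weak_rounds(server_seed)
    # The checker's clock is 42 s off; the window still covers the seed.
    hits = seed_candidates(shown, server_seed + 42)
    print("weak: candidate seeds:", hits)
    print("weak: next round recoverable:",
          any(weak_rounds(s)[1] == secret_next for s in hits))
    shown, _ = hardened_rounds()
    print("hardened: candidate seeds:", seed_candidates(shown, server_seed))
```

For the hardened draw the candidate list is empty except for a chance collision, which is about 1200 in C(90,5) for this window.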