wakatono's Playful Memo

This blog moved here from Hatena Diary.

3dub 4 rememberme write-up (3) - decrypting key.txt by guessing the encryption key

When key.txt is requested, getfile.php does some extra processing after reading the file, as shown below:

if ($filename == "key.txt") {
    $key = rand();                // the key is a single rand() value; its seed is set elsewhere (see below)
    $cyphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC);
    echo base64_encode($cyphertext);
}

The encryption key looks random, but it can be guessed from the following code, which runs earlier in the same script:

$value = time();
// (snip)
srand($value);                    // the PRNG that rand() above draws from is seeded with the server clock
The random seed is the return value of time(), so the argument passed to srand() can be guessed. The server's time is not secret either: the raw HTTP response contains the Web server's time, as shown below:

So you can obtain the server's time value, derive the key, and decrypt the ciphertext.
To be safe, try the server's time value as the srand() argument along with the values a few seconds before and after it.
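For contrast, here is the time-seeded key derivation described above beside a hardened version that does not depend on the clock. This is an added example, not the challenge's getfile.php; the functions weak_key, strong_key, encrypt_cbc and decrypt_cbc are my own names, and padding the numeric rand() value to 16 bytes is an assumption about how the original handed the key to mcrypt.

```php
<?php
// Added example: the weak pattern from the write-up next to a hardened one.
// Not the challenge's code.

// Weak: the whole key is one 32-bit integer produced by rand() after
// srand(time()). Its entropy is the attacker's uncertainty about the
// server clock, i.e. a few seconds. Padding to 16 bytes is an assumption
// about how mcrypt treated the short numeric key in the original.
function weak_key(int $seed): string {
    srand($seed);                       // seed == time() on the server
    return str_pad((string) rand(), 16, "\0");
}

// Hardened: the key comes from the OS CSPRNG and is never derived from
// time() or from rand()/mt_rand().
function strong_key(): string {
    return random_bytes(32);            // 256-bit key
}

// AES-256-CBC with a fresh random IV prepended to the ciphertext. The
// original called mcrypt CBC without passing any IV at all.
function encrypt_cbc(string $key, string $plaintext): string {
    $iv = random_bytes(16);
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $ct);
}

function decrypt_cbc(string $key, string $b64) {
    $raw = base64_decode($b64, true);
    if ($raw === false || strlen($raw) < 16) {
        return false;                   // malformed input, not a valid IV + ciphertext
    }
    return openssl_decrypt(substr($raw, 16), 'aes-256-cbc', $key,
                           OPENSSL_RAW_DATA, substr($raw, 0, 16));
}

// Shows the defect: the same second always yields the same weak key, while
// strong_key() yields a different key on every call.
function demo(): void {
    $t = time();
    var_dump(weak_key($t) === weak_key($t));     // deterministic from the clock
    var_dump(strong_key() === strong_key());     // independent draws differ

    $k  = strong_key();
    $ct = encrypt_cbc($k, "constructed sample plaintext");  // constructed input
    var_dump(decrypt_cbc($k, $ct));              // round-trips to the plaintext
}

demo();
```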