pwnable.kr (四) 11-12
0x01 coin1:

code:
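# Client for the coin-weighing service on port 9007: each round the service
# announces two integers (N coins, C allowed weighings) and this script
# bisects the index range 0..N-1, treating a total that ends in 9 as "the
# fake coin is inside the weighed range".
#
# NOTE(review): the indentation was rebuilt from a listing whose whitespace
# had been collapsed onto one line; the placement of the per-round "hit!"
# print inside the for loop is an assumption -- confirm against the original.
# Written for Python 2 + pwntools like the original post; under Python 3 the
# tube reads return bytes and getnc() would need to decode them first.
from pwn import *
import re

# context(log_level='debug')
# target = remote('pwnable.kr', 9007)  # debugging showed the remote run only
#                                      # lasts 30s, too short to finish
target = remote('127.0.0.1', 9007)


def getnc():
    """Read one line from the service and return its first two integers.

    compare() uses them as N (number of coins) and C (allowed weighings).
    """
    # NOTE(review): this expects the very next line to carry both numbers.
    # Any introductory text the service prints first has to be consumed
    # before compare() runs, otherwise numbers[0] raises IndexError.
    line = target.readline()
    numbers = re.findall("[0-9]+", line)
    return int(numbers[0]), int(numbers[1])


def guess(start, end):
    """Send the indices start..end (inclusive) and return the raw reply."""
    # Same wire format as before: every index is followed by one space.
    coins = "".join(str(i) + " " for i in range(start, end + 1))
    target.sendline(coins)  # send the data
    return target.read()


def compare():
    """Play 100 rounds, bisecting each round's index range."""
    for x in range(100):
        n_coins, chances = getnc()
        cnt = 0  # number of bisection steps taken so far
        left = 0
        right = n_coins - 1
        while left <= right:
            mid = (left + right) // 2
            cnt += 1
            weight = guess(left, mid)
            if cnt > chances:
                # Every allowed weighing is used up; the line just sent is
                # presumably the final answer, so its reply is not a weight
                # and is deliberately not parsed.
                break
            # The reply arrives over the network and is untrusted, so it is
            # parsed with int() instead of eval(): eval() would execute any
            # Python expression the peer chose to send back.
            if (int(weight) + 1) % 10:  # fake coin not here
                left = mid + 1
            else:
                right = mid
        print("hit! %s %s" % (x, target.read()))


compare()
print(target.read())
# My coding is pretty weak~~~~
# Script reference: http://blog.csdn.net/smalosnail/article/details/53129001
# I remember meeting binary search when learning C in my first year, but back
# then I only studied enough to get through the final exam.
# orz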
远程用 nc 连接时执行效率不够,程序还没跑完,连接就在运行 30s 后被断开。
解决方法:直接把脚本放到服务器本地运行(连接 127.0.0.1)。


0x02 blackjack:

源代码审计
http://cboard.cprogramming.com/c-programming/114023-simple-blackjack-program.html


随便输入个数测试一下

发现能够直接得到flag,但是题目的原意好像不是这样的 -_-说好的代码审计呢

大概就是这段代码处没有真正限制输入数字的大小吧:`bet > cash` 只检查了一次,第二次 scanf 读入的值不再校验就直接返回,负数也不会被拒绝。修复时应当循环校验,直到输入满足 0 < bet <= cash。
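/*
 * Ask the player for a stake, store it in the global `bet` and return it.
 *
 * The prompt repeats until the value read is a whole number with
 * 0 < bet <= cash.  The listing as originally posted compared the stake
 * against `cash` only once: the value typed at the second prompt was
 * returned without any check, and a negative stake was never rejected.
 * How the caller applies `bet` to `cash` is not shown here, so both bounds
 * are enforced at this single input point.
 *
 * Returns the accepted stake, or 0 when standard input is exhausted.
 */
int betting() //Asks user amount to bet
{
    int ch;

    printf("\n\nEnter Bet: $");
    for (;;)
    {
        if (scanf("%d", &bet) != 1)
        {
            // Not a number: drop the rest of the line so the next scanf
            // does not fail on the same characters again.
            while ((ch = getchar()) != '\n' && ch != EOF)
                ;
            if (ch == EOF)
            {
                // No more input: stake nothing instead of looping forever.
                bet = 0;
                return bet;
            }
            printf("\nPlease enter a whole number.");
        }
        else if (bet <= 0)
        {
            printf("\nYour bet must be greater than zero.");
        }
        else if (bet > cash) //If player tries to bet more money than player has
        {
            printf("\nYou cannot bet more money than you have.");
        }
        else
        {
            return bet; // 0 < bet <= cash holds here
        }
        printf("\nEnter Bet: ");
    }
} // End Function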
