0x0B coin1
Challenge description
Mommy, I wanna play a game!
(if your network response time is too slow, try nc 0 9007 inside pwnable.kr server)
Running at : nc pwnable.kr 9007
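After connecting, this challenge turns out to be a game in which you have to work out which gold coin is the counterfeit; if you guess correctly 100 times, you get the flag.
Write a script using binary search: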
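import re
from pwn import *

def getNC():
    # Each round starts with a line carrying two numbers: N (coins) and C (weighings allowed)
    r = target.readline().decode()
    NC = re.findall("[0-9]+", r)
    return int(NC[0]), int(NC[1])

def guess(start, end):
    # Send the coin indices start..end separated by spaces and return the server's reply
    coin = ""
    for i in range(start, end + 1):
        coin += str(i) + " "
    target.sendline(coin.encode())
    weight = target.readline().decode()
    return weight

def binsearch():
    for i in range(100):
        N, C = getNC()
        cnt = 0
        left = 0
        right = N - 1
        while left <= right:
            mid = (left + right) // 2
            cnt += 1  # count the weighings used in this round
            if cnt > C:
                # Weighings used up: send the remaining range as the final answer
                weight = guess(left, mid)
                break
            else:
                weight = guess(left, mid)
            flag = "Correct! (" + str(i) + ")\n"
            if weight == flag:
                break
            # Parse the weight as an integer; never eval() data received from the network
            if (int(weight) + 1) % 10:
                # The weight does not end in 9: the counterfeit is in the right half
                left = mid + 1
            else:
                # The weight ends in 9: the counterfeit is in left..mid
                right = mid
        print("hit!", i)

target = remote("127.0.0.1", 9007)
target.recv()  # consume the banner
binsearch()
print(target.recv().decode())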
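The binary search above can be checked offline before running it against the server. The following is an added example, not part of the original write-up: `make_scale`, `find_fake` and `check` are hypothetical names, and the weights (10 for a real coin, 9 for the counterfeit) are an assumption inferred from the script's `(weight + 1) % 10` check. It simulates the scale locally and counts weighings against the binary-search bound of ceil(log2 N).

```python
REAL, FAKE = 10, 9  # assumed weights, inferred from the script's (weight + 1) % 10 check

def make_scale(n, fake):
    """Constructed stand-in for the server: returns weigh() and a call counter."""
    calls = {"count": 0}

    def weigh(indices):
        calls["count"] += 1
        indices = list(indices)
        if not all(0 <= i < n for i in indices):
            raise ValueError("coin index out of range")
        return sum(FAKE if i == fake else REAL for i in indices)

    return weigh, calls

def find_fake(weigh, n):
    """Weigh the left half each time; a total ending in 9 means the fake is in it."""
    left, right = 0, n - 1
    while left < right:
        mid = (left + right) // 2
        total = weigh(range(left, mid + 1))
        if total % 10 == 9:
            right = mid       # counterfeit is in left..mid
        else:
            left = mid + 1    # counterfeit is in mid+1..right
    return left

def check(n, fake):
    """Return (found correctly?, weighings used, ceil(log2 n) bound)."""
    weigh, calls = make_scale(n, fake)
    found = find_fake(weigh, n)
    bound = (n - 1).bit_length()  # integer form of ceil(log2 n)
    return found == fake, calls["count"], bound

if __name__ == "__main__":
    for n in (2, 7, 100, 1000):
        print(n, check(n, n // 3))
```

Because `find_fake` takes the scale as a function argument, the same search can be pointed at a wrapper around `guess()` once it passes locally.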
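Because the game must be finished within 30 seconds, and a run from your own machine may not be fast enough, you can run the script on the pwnable server instead: log in to the server of any earlier level, cd to /tmp, and create a Python script there.
Finally, the flag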