0x0B coin1
Challenge description
Mommy, I wanna play a game!
(if your network response time is too slow, try nc 0 9007 inside pwnable.kr server)
Running at : nc pwnable.kr 9007
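After connecting to this challenge, you find that it is a game in which you have to work out which coin is counterfeit. If you guess correctly 100 times, you get the flag.
Write a script that uses binary search: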
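import re
from pwn import *

def getNC():
    # Each round opens with a line carrying N (coins) and C (weighings allowed).
    r = target.readline().decode()
    NC = re.findall("[0-9]+", r)
    return int(NC[0]), int(NC[1])

def guess(start, end):
    # Send coins start..end (inclusive) and return the server's reply line.
    coin = " ".join(str(i) for i in range(start, end + 1))
    target.sendline(coin.encode())
    return target.readline().decode()

def binsearch():
    for i in range(100):
        N, C = getNC()
        cnt = 0
        left = 0
        right = N - 1
        while left <= right:
            mid = (left + right) // 2
            cnt += 1
            if cnt > C:
                # All C weighings are used, so this line is taken as the answer.
                weight = guess(left, mid)
                break
            weight = guess(left, mid)
            flag = "Correct! (" + str(i) + ")\n"
            if weight == flag:
                break
            # Parse the reply with int(), never eval(): it is untrusted server data.
            # Non-zero here means left..mid holds no counterfeit, so search the right half.
            if (int(weight) + 1) % 10:
                left = mid + 1
            else:
                right = mid
        print("hit! %d" % i)

target = remote("127.0.0.1", 9007)
target.read()  # consume the banner
binsearch()
print(target.read().decode())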
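The same binary search can be checked offline before racing the 30-second limit. The following is an added example, not part of the original write-up: make_scale is a constructed stand-in for the server, and it assumes a real coin weighs 10 and the counterfeit 9 (which is what the modulo-10 test in the script relies on) and that the allowed number of weighings C is ceil(log2(N)).

```python
REAL, FAKE = 10, 9  # assumed weights: real coin 10, counterfeit 9


def make_scale(n, fake, budget):
    """Constructed stand-in for the server: weighs coins and enforces the C limit."""
    used = [0]

    def weigh(coins):
        used[0] += 1
        if used[0] > budget:
            raise RuntimeError("weighing budget exceeded")
        if not all(0 <= c < n for c in coins):
            raise ValueError("coin index out of range")
        return sum(FAKE if c == fake else REAL for c in coins)

    weigh.used = used
    return weigh


def find_fake(n, weigh):
    """Binary search over [left, right]; returns the counterfeit's index."""
    left, right = 0, n - 1
    while left < right:
        mid = (left + right) // 2
        total = weigh(list(range(left, mid + 1)))
        if total % REAL:      # not a multiple of 10: the fake is in left..mid
            right = mid
        else:                 # all real coins: the fake is in mid+1..right
            left = mid + 1
    return left


def check_all(n):
    """Try every fake position; return (worst-case weighings, budget C)."""
    budget = max(1, (n - 1).bit_length())  # ceil(log2(n)) without floats
    worst = 0
    for fake in range(n):
        scale = make_scale(n, fake, budget)
        if find_fake(n, scale) != fake:
            raise AssertionError("wrong coin for fake=%d" % fake)
        worst = max(worst, scale.used[0])
    return worst, budget


if __name__ == "__main__":
    for n in (2, 5, 1000):
        print(n, check_all(n))
```

The search never exceeds the budget, so in the networked script any weighings left over after the range has narrowed to one coin are spent re-weighing that coin until the server accepts the answer.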
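Because the game must be finished within 30 seconds and your own machine may not be fast enough over the network, you can run the script on the pwnable server itself: log in to the server of any earlier level, cd to /tmp, and create the Python script there.
Finally, the flag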