XCTF 攻防世界刷题 open-source
XCTF 攻防世界刷题 open-source
题目直接给了源码
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[]) {
if (argc != 4) {
printf("what?\n");
exit(1);
}
unsigned int first = atoi(argv[1]);
if (first != 0xcafe) {
printf("you are wrong, sorry.\n");
exit(2);
}
unsigned int second = atoi(argv[2]);
if (second % 5 == 3 || second % 17 != 8) {
printf("ha, you won't get it!\n");
exit(3);
}
if (strcmp("h4cky0u", argv[3])) {
printf("so close, dude!\n");
exit(4);
}
printf("Brr wrrr grr\n");
unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;
printf("Get your key: ");
printf("%x\n", hash);
return 0;
}
分析要求
最终目的得到16进制的hash:
printf("Get your key: ");
printf("%x\n", hash);
往上推
hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207
未知变量:
· first
· second
· argv[3]
看看要求
first = 0xcafe
second = atoi(argv[2])
second % 5 == 3 || second % 17 != 8
second=25
argv[3]=h4cky0u
写脚本
first = 0xcafe
second=25
argv='h4cky0u'
hash = first * 31337 + (second % 17) * 11 + len(argv) - 1615810207
print(hex(hash))
得到答案0xc0ffee
0x表示16禁止不算字符内容
所以flag就是c0ffee
A lion doesn't concern himself with the opinions of a sheep.
