pwnable.kr-lotto

Challenge description:

Mommy! I made a lotto program for my homework.
do you want to play?
ssh [email protected] -p2222 (pw:guest)

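Looking at the source, this is a simple lotto system: you enter 6 characters, which are compared with 6 characters the system generates from /dev/urandom, and if they are the same you win. The checking code, however, has a problem: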

	// Count matches: every lotto byte is compared with every submitted byte
	int match = 0, j = 0;
	for(i=0; i<6; i++){
		for(j=0; j<6; j++){
			if(lotto[i] == submit[j]){
				match++;
			}
		}
	}

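We can see that every byte of the submitted input (submit) is compared with every byte of the generated lotto. If all the bytes we submit are the same, then as long as that byte appears exactly once in lotto, match is 6 and the flag is returned. So we try entering ###### every time, that is, six bytes of value 35: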

Submit your 6 lotto bytes : ######
Lotto Start!
bad luck…
– Select Menu –
1. Play Lotto
2. Help
3. Exit
1
Submit your 6 lotto bytes : ######
Lotto Start!
bad luck…
– Select Menu –
1. Play Lotto
2. Help
3. Exit
1
Submit your 6 lotto bytes : ######
Lotto Start!
sorry mom… I FORGOT to check duplicate numbers… 🙁
– Select Menu –
1. Play Lotto
2. Help
3. Exit

After about three attempts, we successfully got the flag:

sorry mom… I FORGOT to check duplicate numbers… 🙁
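
The flawed counting loop beside one possible fix, as an added example (not code from the original post or from the challenge). The function names, the sample draws and the multiset-matching fix are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define LOTTO_LEN 6

/* Counting loop from the write-up: every lotto byte is compared with every
 * submitted byte, so a single repeated byte can be counted six times. */
int score_flawed(const unsigned char *lotto, const unsigned char *submit) {
    int match = 0;
    for (size_t i = 0; i < LOTTO_LEN; i++)
        for (size_t j = 0; j < LOTTO_LEN; j++)
            if (lotto[i] == submit[j])
                match++;
    return match;
}

/* One possible fix (assumed here, not the challenge author's code): pair each
 * submitted byte with at most one unused lotto slot, so the score is the
 * multiset intersection size and duplicates cannot inflate it. */
int score_fixed(const unsigned char *lotto, const unsigned char *submit) {
    bool used[LOTTO_LEN] = { false };
    int match = 0;
    for (size_t j = 0; j < LOTTO_LEN; j++) {
        for (size_t i = 0; i < LOTTO_LEN; i++) {
            if (!used[i] && lotto[i] == submit[j]) {
                used[i] = true;
                match++;
                break;
            }
        }
    }
    return match;
}

/* Constructed sample data; 35 is the byte value of '#'. */
const unsigned char DRAW_ONE_35[LOTTO_LEN] = { 7, 35, 12, 3, 44, 19 };
const unsigned char DRAW_TWO_35[LOTTO_LEN] = { 35, 8, 35, 21, 2, 40 };
const unsigned char ALL_HASH[LOTTO_LEN] = { '#', '#', '#', '#', '#', '#' };

int main(void) {
    printf("flawed, one 35 : %d\n", score_flawed(DRAW_ONE_35, ALL_HASH));
    printf("flawed, two 35s: %d\n", score_flawed(DRAW_TWO_35, ALL_HASH));
    printf("fixed,  one 35 : %d\n", score_fixed(DRAW_ONE_35, ALL_HASH));
    printf("fixed,  exact  : %d\n", score_fixed(DRAW_ONE_35, DRAW_ONE_35));
    return 0;
}
```

With two 35s in the draw the flawed loop returns 12 rather than 6, which is why the repeated-byte submission only scores 6 when the byte appears exactly once.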
