pwnable.kr-random

Challenge description:

Daddy, teach me how to use random value in programming!

ssh [email protected] -p2222 (pw:guest)

The source of random.c is:

#include <stdio.h>

int main(){
    unsigned int random;
    random = rand(); // random value!

    unsigned int key=0;
    scanf("%d", &key);

    if( (key ^ random) == 0xdeadbeef ){
        printf("Good!\n");
        system("/bin/cat flag");
        return 0;
    }

    printf("Wrong, maybe you should try 2^32 cases.\n");
    return 0;
}

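The code is simple. At first I thought the input key had to overflow and overwrite the value of random, but debugging showed that rand() returns the same value on every run: the code never sets a random seed, so the first number generated is always the same.

The first number is 0x6b8b4567, and the check requires (key ^ random) == 0xdeadbeef,

so the key must be: 0xdeadbeef ^ 0x6b8b4567 = 3039230856

Entering that value yields the flag: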

[email protected]:~$ ./random
3039230856
Good!
Mommy, I thought libc random is unpredictable…

So the flag is:

Mommy, I thought libc random is unpredictable…
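
The following is an added example, not part of the challenge or the original write-up: it shows why the unseeded rand() value is fixed, how the key follows from XOR being its own inverse, and a hardened replacement that draws the secret from the kernel CSPRNG. The function names first_rand, key_for and secure_random_u32 are hypothetical, and /dev/urandom is assumed to be available (Linux).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define TARGET 0xdeadbeefu  /* constant compared against in random.c */

/* First rand() output after srand(seed). The C standard says a program
 * that never calls srand() behaves as if srand(1) had been called, so
 * first_rand(1) reproduces what random.c sees on every run. */
uint32_t first_rand(unsigned seed) {
    srand(seed);
    return (uint32_t)rand();
}

/* XOR is its own inverse: key ^ r == TARGET  <=>  key == TARGET ^ r. */
uint32_t key_for(uint32_t r) {
    return TARGET ^ r;
}

/* Hardened replacement (hypothetical helper): read the secret from the
 * kernel CSPRNG. Returns 0 on success, -1 on failure; the caller must
 * fail closed instead of falling back to rand(). */
int secure_random_u32(uint32_t *out) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

int main(void) {
    uint32_t r = first_rand(1);  /* 0x6b8b4567 on glibc, as in the write-up */
    printf("unseeded rand() = 0x%08x, key = %u\n",
           (unsigned)r, (unsigned)key_for(r));

    uint32_t s;
    if (secure_random_u32(&s) != 0) {
        fprintf(stderr, "no entropy source\n");
        return 1;
    }
    printf("CSPRNG value    = 0x%08x (differs on every run)\n", (unsigned)s);
    return 0;
}
```

Seeding with srand(time(NULL)) would not fix the check either, since the seed is guessable; a secret value needs a CSPRNG source.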

About the Author

admin
