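  • [pwnable.kr] coin1

    Another installment of "pwnable: from getting started to giving up".

    It is billed as a pwnable challenge, but it is really a coding challenge...

    nc pwnable.kr 9007

    Connect and take a look: playing with coins?

    I came here to grab the flag, not to babysit!!!

    Never mind, the flag is what matters.

    It says there is a pile of coins, one of them is counterfeit and lighter than the real ones, and you have to find it. I can't babysit, but I can do binary search!!

    Here's the script: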

    # coding:utf-8
    # Python 3 + pwntools
    import re

    from pwn import *


    def get_weight(start, end, r):
        """Ask the server to weigh coins start..end (inclusive) and return the weight."""
        if start == end:
            r.sendline(str(start).encode())
        else:
            # Space-separated list of coin indices
            send_str = " ".join(str(i) for i in range(start, end + 1))
            r.sendline(send_str.encode())
        result = r.recvline().decode()
        return int(result)


    def choose_coin(num, chance, r):
        """Binary-search for the lighter counterfeit coin, using all `chance` weighings."""
        start = 0
        end = num - 1
        for i in range(chance):
            mid = start + (end - start) // 2
            weight = get_weight(start, mid, r)
            if weight % 10 != 0:
                # Weight is not a multiple of 10: the lighter coin is in start..mid
                end = mid
            else:
                # Everything weighed was genuine: the lighter coin is in mid+1..end
                start = mid + 1
        # All weighings used, send the answer
        r.sendline(str(end).encode())
        print('[+]server: ', r.recvline().decode())


    r = remote('pwnable.kr', 9007)
    print(r.recv().decode())

    for i in range(100):
        print('[*]', '=' * 18, ' ', i, ' ', '=' * 18, '[*]')
        recvword = r.recvline().decode()
        print('[+]server: ', recvword)
        # The round header carries two numbers: the coin count and the number of chances
        p = re.compile(r'\d+')
        data = p.findall(recvword)
        num = int(data[0])
        chance = int(data[1])
        choose_coin(num, chance, r)
    print(r.recvline().decode())

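    It ran 20 rounds and then told me it timed out. Timed out! Timed out! Timed out!

    What more do you want from me??

    Better to use an account and run it on the server itself: use the fd / guest account from before and drop the script into the /tmp directory.

    Off you go!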
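
An offline check of the halving strategy used in the script above, added here as an example and not part of the original post. `CoinOracle`, `find_fake`, `min_chances` and `check_all` are hypothetical names, the oracle is a constructed stand-in for the game server, and the weights 10 and 9 are assumptions consistent with the script's `weight % 10` test.

```python
REAL, FAKE = 10, 9  # assumed weights, consistent with the script's weight % 10 check


class CoinOracle:
    """Constructed stand-in for the game server: weighs a set of coin indices."""

    def __init__(self, num, fake):
        self.num, self.fake = num, fake
        self.queries = 0  # weighings used so far

    def weigh(self, indices):
        self.queries += 1
        return sum(FAKE if i == self.fake else REAL for i in indices)


def find_fake(oracle, num, chance):
    """Same halving strategy as choose_coin: always spends `chance` weighings."""
    start, end = 0, num - 1
    for _ in range(chance):
        mid = start + (end - start) // 2
        weight = oracle.weigh(range(start, mid + 1))
        if weight % 10 != 0:   # lighter coin is in [start, mid]
            end = mid
        else:                  # all genuine, so it is in [mid + 1, end]
            start = mid + 1
    return end


def min_chances(num):
    """Chance budget that is always enough for the halving strategy."""
    return max(1, (num - 1).bit_length())  # ceil(log2(num)), at least 1


def check_all(num):
    """Exhaustively verify every possible counterfeit position for `num` coins."""
    chance = min_chances(num)
    for fake in range(num):
        oracle = CoinOracle(num, fake)
        if find_fake(oracle, num, chance) != fake or oracle.queries != chance:
            return False
    return True


if __name__ == "__main__":
    print(all(check_all(n) for n in range(1, 200)))
```

Verifying the search locally this way leaves only the network round trips to worry about when the time limit is hit.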

  • Original article: https://www.cnblogs.com/p4nda/p/7144704.html