Challenge description:
Mommy! I made a lotto program for my homework.
do you want to play?
ssh [email protected] -p2222 (pw:guest)
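Looking at the source code, it is a simple lotto system: you enter 6 characters, which are compared against 6 characters the system generates from /dev/urandom, and if they are the same you win. However, the checking code has a problem: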
    int match = 0, j = 0;
    for(i=0; i<6; i++){
        for(j=0; j<6; j++){
            if(lotto[i] == submit[j]){
                match++;
            }
        }
    }
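As we can see, every byte of the submitted input submit is compared against every byte of the generated lotto. If all the bytes we submit are the same byte, then as long as that byte appears once in lotto, match becomes 6 and the flag is returned. So here we try entering ###### every time, that is, six bytes of value 35: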
Submit your 6 lotto bytes : ######
Lotto Start!
bad luck…
– Select Menu –
- Play Lotto
- Help
- Exit
1
Submit your 6 lotto bytes : ######
Lotto Start!
bad luck…
– Select Menu –
- Play Lotto
- Help
- Exit
1
Submit your 6 lotto bytes : ######
Lotto Start!
sorry mom… I FORGOT to check duplicate numbers… 🙁
– Select Menu –
- Play Lotto
- Help
- Exit
After roughly three attempts, the flag was obtained:
sorry mom… I FORGOT to check duplicate numbers… 🙁
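
As an added example (not part of the challenge source or of this write-up), the C program below puts the quoted nested-loop check beside one possible corrected check in which each submitted byte can match at most once. The function names and sample byte values are constructed for illustration.

```c
#include <stdio.h>

#define N 6

/* Constructed sample data: a draw that contains '#' (35) exactly once,
   and the all-'#' submission used in the write-up. */
static const unsigned char SAMPLE_LOTTO[N] = {7, 35, 12, 44, 3, 21};
static const unsigned char ALL_HASH[N]     = {'#', '#', '#', '#', '#', '#'};

/* The check quoted in the write-up: every lotto byte is compared with every
   submitted byte, so one repeated byte is counted once per repetition. */
int match_vulnerable(const unsigned char *lotto, const unsigned char *submit)
{
    int match = 0;
    for (int i = 0; i < N; i++)
        for (int j = 0; j < N; j++)
            if (lotto[i] == submit[j])
                match++;
    return match;
}

/* One possible fix (an assumption, not the challenge's code): each submitted
   byte can be consumed by at most one lotto byte, and each lotto byte
   matches at most once, so duplicates on either side cannot inflate match. */
int match_fixed(const unsigned char *lotto, const unsigned char *submit)
{
    int used[N] = {0};
    int match = 0;
    for (int i = 0; i < N; i++) {
        for (int j = 0; j < N; j++) {
            if (!used[j] && lotto[i] == submit[j]) {
                used[j] = 1;   /* this submitted byte is now spent */
                match++;
                break;         /* this lotto byte is matched; move on */
            }
        }
    }
    return match;
}

int main(void)
{
    printf("vulnerable: %d\n", match_vulnerable(SAMPLE_LOTTO, ALL_HASH));
    printf("fixed:      %d\n", match_fixed(SAMPLE_LOTTO, ALL_HASH));
    return 0;
}
```

The corrected version also covers the case where the draw itself contains repeated bytes, which rejecting duplicate input alone would not.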