pwnable Notes: Toddler's Bottle - coin1
2016-11-11 15:08
This challenge tests an algorithm (divide and conquer); a binary search is enough to solve it.
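The annoying part of this challenge is that it has to be finished within 30 seconds. Going through nc pwnable.kr 9007 is very slow, and it usually times out somewhere past the fortieth guess. To get around this, the script has to be placed on the pwnable server and run there: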
```
$ ssh fd@pwnable.kr -p2222
password: guest
$ cd /tmp
$ vim a.py
$ python a.py
```
Solution script (I haven't programmed in a long time, and writing a binary search felt rusty...):
```python
#!/usr/bin/python
from __future__ import print_function  # same print syntax on Python 2 and 3

__author__ = "TaQini"

import re

from pwn import *


def getNC():
    # Each round starts with one line carrying two numbers:
    # N (number of coins) and C (number of chances).
    r = target.readline()
    NC = re.findall(br"[0-9]+", r)
    return int(NC[0]), int(NC[1])


def guess(start, end):
    # Send the coin indexes start..end and return the one-line reply.
    coin = " ".join(str(i) for i in range(start, end + 1))
    target.sendline(coin.encode())
    return target.readline()


def binsearch():
    for i in range(100):
        N, C = getNC()
        cnt = 0
        Left = 0
        Right = N - 1
        while Left <= Right:
            Mid = (Left + Right) // 2
            cnt += 1
            if cnt > C:
                # All C chances are used: this line is sent as the answer.
                guess(Left, Mid)
                break
            weight = guess(Left, Mid)
            # int() instead of eval(): never evaluate data read from a socket.
            if (int(weight) + 1) % 10:  # fake coin not here
                Left = Mid + 1
            else:
                Right = Mid
        print("hit!", i, end=" ")


target = remote("127.0.0.1", 9007)
target.read()  # rules of the game
binsearch()
print(target.read().decode())
```
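The search strategy can be checked offline, without the server or the 30-second limit. The block below is an added example, not part of the original script: `Scale`, `find_fake` and `check_all` are hypothetical names, and the weights (real coin 10, counterfeit 9) are an assumption consistent with the script's `% 10` test.

```python
REAL = 10  # assumed weight of a real coin; the counterfeit weighs one less


class Scale:
    """Offline stand-in for the game server: weighs coins and counts the tries."""

    def __init__(self, n, fake_index):
        self.n, self.fake, self.used = n, fake_index, 0

    def weigh(self, start, end):
        # Total weight of coins start..end (inclusive), like one guess line.
        self.used += 1
        count = end - start + 1
        return count * REAL - (1 if start <= self.fake <= end else 0)


def find_fake(scale):
    """Binary search: weigh the left half and keep whichever half is light."""
    left, right = 0, scale.n - 1
    while left < right:
        mid = (left + right) // 2
        if scale.weigh(left, mid) % REAL:  # not a multiple of 10: fake is here
            right = mid
        else:
            left = mid + 1
    return left


def check_all(n):
    """Try every fake position for n coins; return the worst-case weighings."""
    worst = 0
    for fake in range(n):
        scale = Scale(n, fake)
        if find_fake(scale) != fake:
            raise AssertionError("search missed coin %d of %d" % (fake, n))
        worst = max(worst, scale.used)
    return worst


if __name__ == "__main__":
    # Constructed sizes; the last column is ceil(log2(n)), the minimum C needed.
    for n in (1, 2, 7, 100, 1000):
        print(n, check_all(n), (n - 1).bit_length())
```

The worst case always equals ceil(log2(N)) weighings, so any chances left over in a round have to be spent on repeated guesses, which is what the `cnt > C` check in the script above does.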