pwnable.kr-random-Writeup
2017-02-11 10:11
387 查看
MarkdownPad Document
查看random()函数时有这样的描述:
即该函数每次产生的随机值均为定值,自己写一个类似的程序可以得到此时产生的随机值为1804289383
根据代码流程,1804289383 ^ 0xdeadbeef即可得到要输入的key值为3039230856,则可得到flag为
Mommy, I thought libc random is unpredictable...
2017-2-7 22:01;32
pwnable.kr-random-Writeup
与前几题套路相同,ssh远程登录,ls -l查看文件及权限,cat获得C代码如下:1 #include <stdio.h> 2 3 int main(){ 4 unsigned int random; 5 random = rand(); // random value! 6 7 unsigned int key=0; 8 scanf("%d", &key); 9 10 if( (key ^ random) == 0xdeadbeef ){ 11 printf("Good!\n"); 12 system("/bin/cat flag"); 13 return 0; 14 } 15 16 printf("Wrong, maybe you should try 2^32 cases.\n"); 17 return 0; 18 }
查看random()函数时有这样的描述:
即该函数每次产生的随机值均为定值,自己写一个类似的程序可以得到此时产生的随机值为1804289383
根据代码流程,1804289383 ^ 0xdeadbeef即可得到要输入的key值为3039230856,则可得到flag为
Mommy, I thought libc random is unpredictable...
2017-2-7 22:01;32
相关文章推荐
- pwnable.kr-random-Writeup
- pwnable.kr-bof-Writeup
- pwnable.kr [Toddler's Bottle] - random
- pwnable.kr-bof-Writeup
- pwnable.kr第二遍---random
- pwnable.kr-cmd1-Writeup
- gdb-peda调试pwnable.kr题目random
- pwnable.kr [Toddler's Bottle] - passcode
- pwnable.kr 之echo1
- pwnable.kr刷题之UAF
- pwnable.kr flag
- pwnable.kr col
- 【pwnable.kr-----解题过程】random
- pwnable.kr之cmd1
- [pwnable.kr] input
- pwnable.kr-cmd1-Writeup
- pwnable.kr [Toddler's Bottle] - flag
- pwnable.kr 之passcode summary
- pwnable.kr - fd
- pwnable.kr