Connect with nc and take a look.

It is a find-the-counterfeit-coin game. Roughly, it works like this:

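N is the number of coins and C is the number of inputs allowed. Entering coin indices returns the weight of those coins (in the screenshot, entering 0 selects the first coin, and 10 is the weight of one genuine coin; entering 0 and 1 returns 20, the weight of two genuine coins).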

When the inputs are used up, you have to enter the index of the counterfeit coin.

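Once that is sorted out, the challenge is testing our binary search skills, that is, our ability to write code, but I spent a while debugging this code.. (I'm such a noob) 😔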

exp

The script uses a regular expression to extract the numbers from a string; I referred to this article (link

Because the port for the connection is only open for one minute and my network speed is limited, I ran the code on the pwnable.kr server.

```python
from pwn import *
import re

def MakeFlat(low, high):
    # Build the query string: the indices of the lower half [low, mid)
    Flat = ''
    mid = (low + high) // 2
    for i in range(low, mid):
        Flat += str(i) + ' '
    #log.info('['+Flat+']')
    return Flat

def BinarySearch(n, c):
    low = 0
    high = n
    correct = ''
    for i in range(c):
        mid = (low + high) // 2
        flat = MakeFlat(low, high)
        sh.sendline(flat.encode())
        p = sh.recv()
        #log.success(p)
        if int(p) == 9:
            # A single queried coin weighing 9 is the counterfeit; keep it
            correct = flat
            continue
        if int(p) < (mid - low) * 10:
            # Lower half is light: the counterfeit is in [low, mid)
            high = mid
        elif int(p) == (mid - low) * 10:
            # Lower half is all genuine: the counterfeit is in [mid, high)
            low = mid
            correct = str(high - 1)
    log.success('correct index: ' + correct)
    sh.sendline(correct.encode())
    log.success(sh.recv().decode())

def N_C():
    # Read the "N=... C=..." line and pull out both numbers
    #sleep(3)
    Flat = sh.recv().decode()
    log.info(Flat)
    ListOfNaC = list(map(int, re.findall(r'\d+', Flat)))
    return ListOfNaC

if __name__ == "__main__":
    #context.log_level = 'debug'
    sh = remote('pwnable.kr', 9007)
    sh.recvuntil(b'\t- Ready? starting in 3 sec... -\n\t\n')
    sleep(3)
    for i in range(100):
        _list = N_C()
        BinarySearch(_list[0], _list[1])
    log.success(sh.recv().decode())
    sh.close()
```
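
An offline check of the binary search described above, added here as an example and not part of the original script: a local stand-in for the game's scale lets the search logic be debugged without the time limit of the live connection. The names `make_scale`, `find_counterfeit` and `check_all` are assumptions for illustration; the weights 10 and 9 follow the description above.

```python
GENUINE, FAKE = 10, 9  # weights taken from the game description above


def make_scale(fake_index):
    """Constructed local stand-in for the remote game: returns a weigh()
    function that sums the queried coins' weights and counts its calls."""
    calls = {"count": 0}

    def weigh(indices):
        calls["count"] += 1
        return sum(FAKE if i == fake_index else GENUINE for i in indices)

    return weigh, calls


def find_counterfeit(n, c, weigh):
    """Binary search over the half-open range [low, high), at most c weighings."""
    low, high = 0, n
    for _ in range(c):
        if high - low == 1:          # narrowed to one coin: stop early
            break
        mid = (low + high) // 2
        left = range(low, mid)
        if weigh(left) < len(left) * GENUINE:
            high = mid               # left half is light: the fake is in it
        else:
            low = mid                # left half is all genuine
    if high - low != 1:
        raise ValueError("not enough weighings to isolate one coin")
    return low


def check_all(max_n):
    """Try every coin count up to max_n and every fake position with the
    tightest budget, c = ceil(log2(n)); return the number of cases checked."""
    cases = 0
    for n in range(1, max_n + 1):
        c = (n - 1).bit_length()     # equals ceil(log2(n)) for n >= 1
        for fake in range(n):
            weigh, calls = make_scale(fake)
            assert find_counterfeit(n, c, weigh) == fake
            assert calls["count"] <= c
            cases += 1
    return cases


if __name__ == "__main__":
    print(check_all(200), "cases passed")
```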