Mommy, I wanna play a game!
(if your network response time is too slow, try nc 0 9007 inside pwnable.kr server)
Running at : nc pwnable.kr 9007
就是一个二分查找
exp如下:
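from pwn import *

# Solver for a counterfeit-coin guessing game: each round the server announces
# N coins and C weighing attempts, and the script narrows down the odd coin by
# weighing half of the remaining interval at a time (binary search).
#
# Changes from the listing as published: typographic quotes are replaced with
# ASCII quotes so the file parses, and data exchanged with the tube is handled
# as bytes so the script also runs on Python 3 (pwntools tubes return bytes).

# '0' resolves to the local host; the challenge text recommends running from
# inside the pwnable.kr server when network latency is too high.
io = remote('0', 9007)
# context.log_level = 'debug'


def bSearch(left, right):
    """Locate the odd coin in the index range [left, right] by repeated weighing.

    Each iteration sends the indices left..mid, reads the reported total
    weight, and keeps the half that must contain the odd coin. The function
    returns once the server answers with a line containing 'Correct!'.

    Note: the number of allowed weighings (C) is not tracked here. When the
    interval has shrunk to a single coin, that index keeps being sent until
    the server replies 'Correct!'.
    """
    while True:
        mid = (left + right) // 2
        payload = ' '.join(str(j) for j in range(left, mid + 1))
        io.sendline(payload.encode())
        res = io.recvline()
        if b'Correct!' in res:
            info('Correct!')
            return
        # Any non-numeric reply (e.g. a timeout or error message) raises
        # ValueError here instead of being silently misread as a weight.
        result = int(res.strip())
        if result == 10 * (mid - left + 1):
            # Every weighed coin contributed the full 10 units, so the odd
            # coin is in the upper half.
            left = mid + 1
        else:
            # Any other total means the odd coin is among the weighed coins.
            right = mid


# Skip the banner and rules text up to the countdown line.
io.recvuntil(b'- Ready? starting in 3 sec... -\n\t\n')

for i in range(100):
    # Round header carries two whitespace-separated fields of the form
    # "N=<coins> C=<attempts>"; the first is N and the second is C.
    header = io.recvline().decode().strip().split()
    n = int(header[0].split('=')[1])
    c = int(header[1].split('=')[1])
    info("Number %d: N = %d C = %d" % (i + 1, n, c))
    bSearch(0, n - 1)

# Hand the connection to the user to read whatever the server prints after
# the final round.
io.interactive()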