0x0C blackjack
题目描述
Hey! check out this C implementation of blackjack game!
I found it online
* http://cboard.cprogramming.com/c-programming/114023-simple-blackjack-program.html
I like to give my flags to millionares.
how much money you got?
Running at : nc pwnable.kr 9009
解题分析
(如果在linux下想要自己运行一下代码会报错没有process.h这个文件,可以把#include<process.h>这句话注释掉在编译就可以了)
首先分析代码,发现了一个问题,代码如下:
int betting() //Asks user amount to bet
{
printf("\n\nEnter Bet: $");
scanf("%d", &bet);
if (bet > cash) //If player tries to bet more money than player has
{
printf("\nYou cannot bet more money than you have.");
printf("\nEnter Bet: ");
scanf("%d", &bet);
return bet;
}
else return bet;
} // End Function
这里发现一个问题,就是当提交的bet大于现金cash时,会报错,但是return返回的还是bet,也就是说,这里的bet可以比现金cash还要达,而题目描述里写了flag值会给百万富翁,那么提交大于100万的bet,然后赢得比赛,就可以获得flag了。
