"""
Just go through game rules and find all counterfeit coins.
"""
from pwn import *
import re
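def exploit():
    """Play 100 rounds of the coin game served on localhost:9007.

    Each round the service announces ``N=<coins> C=<tries>``; those two
    numbers are parsed and the round is delegated to ``binary_search``.
    After the last round the next two chunks sent by the service are printed.

    Raises:
        ValueError: if a round announcement does not contain ``N=.. C=..``.
    """
    # Connect to the locally running game service.
    con = remote('localhost', 9007)
    try:
        # Discard the welcome message printed by the binary.
        con.recv()
        # Number of rounds to play.
        count = 100
        for _ in range(count):
            # Read the round announcement: number of coins and allowed tries.
            # NOTE(review): recv() returns whatever has arrived so far, so this
            # relies on the announcement arriving as its own chunk.
            announcement = con.recv().decode('utf-8')
            # Raw string: "\d" in a plain literal is an invalid escape sequence.
            found = re.search(r"N=(\d+) C=(\d+)", announcement)
            if found is None:
                raise ValueError(
                    "round announcement not understood: %r" % announcement
                )
            n, c = found.groups()
            binary_search(int(n), int(c), con)
        # Print whatever the service sends once all rounds are done.
        print(con.recv())
        print(con.recv())
    finally:
        # Always release the socket, including when a round fails.
        con.close()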
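def binary_search(n, c, con):
    """Find the odd-weight coin among ``n`` coins using at most ``c`` weighings.

    A weighing sends a space-separated list of coin indices and reads back
    one line holding their total weight.

    Args:
        n: number of coins in the round (indices ``0 .. n-1``).
        c: number of weighings the service expects before the answer.
        con: connection object providing ``sendline``, ``recvline`` and
            ``recv`` (a pwntools tube in this script).
    """
    # Search window; the odd coin is always within [low, high + 1].
    low = 0
    high = n - 1
    while low <= high and c:
        # Weigh the lower half of the current window.
        middle = (low + high) // 2
        part = ' '.join(map(str, range(low, middle + 1)))
        # Send bytes explicitly rather than relying on an implicit str conversion.
        con.sendline(part.encode())
        response = int(con.recvline()[:-1])
        if response % 10:
            # Total is not a multiple of 10: the weight-9 coin is in the
            # weighed half (presumably genuine coins weigh 10, verify
            # against the game rules).
            high = middle - 1
        else:
            # All weighed coins are genuine; look in the upper half.
            low = middle + 1
        c -= 1
    # Use up the remaining tries with a dummy weighing of coin 0.
    while c:
        con.sendline(b'0')
        # The original passed 1024 here, which recvline() reads as its
        # truthy ``keepends`` flag, not a size; the default is equivalent.
        con.recvline()
        c -= 1
    # Submit the index of the coin with weight 9.
    con.sendline(str(low).encode())
    print(con.recv())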
# Run the solver only when executed as a script, not when imported.
if __name__ == "__main__":
    exploit()