blackjack - pwnable
Challenge
![](https://img.laitimes.com/img/__Qf2AjLwojIjJCLyojI0JCLicmbwxCdh1mcvZ2LcV2Zh1Wa9M3clN2byBXLzN3btg3P3pVdC5GTw00RVdlRwUFckZUZ0kFVadnUtNldVRUT2tGRNZ3aU10dJpHTwYVbiV3aHJmd41GTwlTeMZTTINGMShUYvwlbj5yZtlmbkN3YuQnclZnbvN2Ztl2Lc9CX6MHc0RHaiojIsJye.jpg)
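The challenge asks us to win one million in a game of blackjack in order to get the flag. The source code is also provided.
Source code analysis
After connecting to the server and playing a few rounds, we found that winning is possible and that play could be automated with a script, but the money comes in far too slowly. The challenge hints that we should look at the source code, and after some inspection we found this key part: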
```c
//Global Variables
int bet;

int betting() //Asks user amount to bet
{
    printf("\n\nEnter Bet: $");
    scanf("%d", &bet);

    if (bet > cash) //If player tries to bet more money than player has
    {
        printf("\nYou cannot bet more money than you have.");
        printf("\nEnter Bet: ");
        scanf("%d", &bet);
        return bet;
    }
    else return bet;
} // End Function
```
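`bet` is declared as an `int`, and the bet amount is checked against the available cash with nothing more than the simple comparison `bet > cash`. This overlooks the case where `bet` is negative: a negative bet always passes the check, and losing the hand then raises the balance instead of lowering it.
Let's try entering a negative bet: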
```
Cash: $500
-------
|D |
| 9 |
| D|
-------
Your Total is 9
The Dealer Has a Total of 10
Enter Bet: $-999999999
Would You Like to Hit or Stay?
Please Enter H to Hit or S to Stay.
s
You Have Chosen to Stay at 9. Wise Decision!
The Dealer Has a Total of 12
The Dealer Has a Total of 14
The Dealer Has a Total of 16
The Dealer Has a Total of 18
Dealer Has the Better Hand. You Lose.
You have 0 Wins and 1 Losses. Awesome!
Would You Like To Play Again?
Please Enter Y for Yes or N for No
y
YaY_I_AM_A_MILLIONARE_LOL //flag
Cash: $1000000499
-------
|H |
| 4 |
| H|
-------
Your Total is 4
The Dealer Has a Total of 4
Enter Bet: $
```
The flag is printed when the next round starts.
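The missing lower-bound check shown next to a hardened bet parser, as an added example that is not part of the challenge source. `original_check_accepts` and `parse_bet` are hypothetical helper names, the sample inputs are constructed, and the $500 balance is taken from the session above.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* The check from the challenge source: only the upper bound is tested,
 * so any bet that is not greater than cash goes through. */
static int original_check_accepts(int bet, int cash)
{
    return !(bet > cash);
}

/* Hardened parser (hypothetical helper, not in the challenge source).
 * Accepts only a whole decimal number with 1 <= bet <= cash.
 * Returns 0 and stores the bet on success, -1 on any invalid input. */
static int parse_bet(const char *line, int cash, int *bet_out)
{
    char *end = NULL;
    long value;

    errno = 0;
    value = strtol(line, &end, 10);
    if (end == line || errno == ERANGE)
        return -1;                  /* not a number, or outside long range */
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
        end++;
    if (*end != '\0')
        return -1;                  /* trailing junk such as "12abc" */
    if (value < 1 || value > cash)
        return -1;                  /* zero, negative, or more than held */
    *bet_out = (int)value;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs; cash matches the $500 starting balance. */
    const char *samples[] = { "100", "-999999999", "0", "501", "12abc",
                              "99999999999999999999" };
    int cash = 500, bet;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ok = parse_bet(samples[i], cash, &bet) == 0;
        printf("%-22s -> %s\n", samples[i], ok ? "accepted" : "rejected");
    }
    printf("original check accepts -999999999: %d\n",
           original_check_accepts(-999999999, cash));
    return 0;
}
```

In a real input loop the caller would read a line with `fgets` and prompt again until `parse_bet` returns 0, so that a rejected value is never carried into the round.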