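Connecting to the service drops you into a blackjack game.
It seems to print the flag once your cash goes above a certain amount.
The challenge says the source was taken from online, so let's follow the link and see whether it has a vulnerability.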
```c
void play() //Plays game
{
    int p=0; // holds value of player_total
    int i=1; // counter for asking user to hold or stay (aka game turns)
    char choice3;

    cash = cash;
    cash_test();
    printf("\nCash: $%d\n",cash); //Prints amount of cash user has
    randcard(); //Generates random card
    player_total = p + l; //Computes player total
    p = player_total;
    printf("\nYour Total is %d\n", p); //Prints player total
    dealer(); //Computes and prints dealer total
    betting(); //Prompts user to enter bet amount

    while(i<=21) //While loop used to keep asking user to hit or stay at most twenty-one times
                 // because there is a chance user can generate twenty-one consecutive 1's
    {
        if(p==21) //If user total is 21, win
        {
            printf("\nUnbelievable! You Win!\n");
            won = won+1;
            cash = cash+bet;
            printf("\nYou have %d Wins and %d Losses. Awesome!\n", won, loss);
            dealer_total=0;
            askover();
        }

        if(p>21) //If player total is over 21, loss
        {
            printf("\nWoah Buddy, You Went WAY over.\n");
            loss = loss+1;
            cash = cash - bet;
            printf("\nYou have %d Wins and %d Losses. Awesome!\n", won, loss);
            dealer_total=0;
            askover();
        }

        if(p<=21) //If player total is less than 21, ask to hit or stay
        {
            printf("\n\nWould You Like to Hit or Stay?");

            scanf("%c", &choice3);
            while((choice3!='H') && (choice3!='h') && (choice3!='S') && (choice3!='s')) // If invalid choice entered
            {
                printf("\n");
                printf("Please Enter H to Hit or S to Stay.\n");
                scanf("%c",&choice3);
            }

            if((choice3=='H') || (choice3=='h')) // If Hit, continues
            {
                randcard();
                player_total = p + l;
                p = player_total;
                printf("\nYour Total is %d\n", p);
                dealer();
                if(dealer_total==21) //Is dealer total is 21, loss
                {
                    printf("\nDealer Has the Better Hand. You Lose.\n");
                    loss = loss+1;
                    cash = cash - bet;
                    printf("\nYou have %d Wins and %d Losses. Awesome!\n", won, loss);
                    dealer_total=0;
                    askover();
                }

                if(dealer_total>21) //If dealer total is over 21, win
                {
                    printf("\nDealer Has Went Over!. You Win!\n");
                    won = won+1;
                    cash = cash+bet;
                    printf("\nYou have %d Wins and %d Losses. Awesome!\n", won, loss);
                    dealer_total=0;
                    askover();
                }
            }
            if((choice3=='S') || (choice3=='s')) // If Stay, does not continue
            {
                printf("\nYou Have Chosen to Stay at %d. Wise Decision!\n", player_total);
                stay();
            }
        }
        i++; //While player total and dealer total are less than 21, re-do while loop
    } // End While Loop
} // End Function
```
I've excerpted only the code that is central to playing the game.
Looking at it closely, when we lose it computes cash - bet. Now look at the betting() function:
```c
int betting() //Asks user amount to bet
{
    printf("\n\nEnter Bet: $");
    scanf("%d", &bet);

    if (bet > cash) //If player tries to bet more money than player has
    {
        printf("\nYou cannot bet more money than you have.");
        printf("\nEnter Bet: ");
        scanf("%d", &bet);
        return bet;
    }
    else return bet;
} // End Function
```
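It checks for the case where bet is greater than cash, but it does not check for a negative bet.
If we enter a negative number for bet and lose on purpose, the result will be cash - (-999999999).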
```
Enter Bet: $-99999999
Would You Like to Hit or Stay?
Please Enter H to Hit or S to Stay.
H
-------
|H |
| K |
| H|
-------
Your Total is 20
The Dealer Has a Total of 17
Would You Like to Hit or Stay?
Please Enter H to Hit or S to Stay.
H
-------
|D |
| K |
| D|
-------
Your Total is 30
The Dealer Has a Total of 17
Woah Buddy, You Went WAY over.
You have 4 Wins and 5 Losses. Awesome!
Would You Like To Play Again?
Please Enter Y for Yes or N for No
Y
YaY_I_AM_A_MILLIONARE_LOL
Cash: $100000679
```
flag: YaY_I_AM_A_MILLIONARE_LOL
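
The missing lower-bound check in betting() described above, next to a hardened version, as an added example that is not part of the original game source. The names `original_accepts`, `parse_bet` and `read_bet` and the starting balance of 500 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* The page's check as a predicate: only "bet > cash" is rejected. */
int original_accepts(int bet, int cash) {
    return !(bet > cash);
}

/* Hypothetical helper: returns 1 and stores the bet only if the line is a
 * whole decimal number in the range 1..cash. */
int parse_bet(const char *line, int cash, int *bet_out) {
    char *end;
    long v;
    errno = 0;
    v = strtol(line, &end, 10);
    if (end == line || errno == ERANGE)   /* no digits, or out of long range */
        return 0;
    while (*end == ' ' || *end == '\n' || *end == '\r')
        end++;
    if (*end != '\0')                     /* trailing junk such as "10abc" */
        return 0;
    if (v < 1 || v > (long)cash)          /* negative, zero, or above balance */
        return 0;
    *bet_out = (int)v;
    return 1;
}

/* Re-prompt until a valid bet arrives; the original re-asks once, unchecked. */
int read_bet(FILE *in, int cash) {
    char line[64];
    int bet;
    for (;;) {
        printf("\nEnter Bet: $");
        if (fgets(line, sizeof line, in) == NULL)
            return -1;                    /* EOF: caller ends the round */
        if (parse_bet(line, cash, &bet))
            return bet;
        printf("\nBet must be between 1 and %d.", cash);
    }
}

int main(void) {
    int cash = 500;                       /* constructed starting balance */
    printf("original accepts -99999999: %d\n", original_accepts(-99999999, cash));
    int bet = read_bet(stdin, cash);
    if (bet > 0) printf("\naccepted bet %d\n", bet);
    return 0;
}
```

Validating both bounds on every prompt also closes the second path in the original, where the re-entered bet is returned without any check.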