parksjin01/pwnable.kr coin1 writeup.md

Last active March 16, 2017 20:50

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/parksjin01/bb18aa7ece879dabe5edf763923afd65.js"></script>
Save parksjin01/bb18aa7ece879dabe5edf763923afd65 to your computer and use it in GitHub Desktop.

pwnable.kr coin1 writeup

Raw

    from pwn import *
sh = remote('pwnable.kr', 9007)
sh.recv(10024)
for _ in range(100):
	tmp = sh.recv(1024).strip().split(' ')
	n = int(tmp[0].split('=')[1])
	c = int(tmp[1].split('=')[1])
	s = 0
	e = n
	for _ in range(c):
		sh.sendline(' '.join(str(e) for e in range(s, (e+s)/2)))
		a = sh.recv(1024, timeout=0.2).strip()
		i = int(a)
		if i == ((e+s)/2-s)*10:
        		s = (e+s)/2
    		else:
        		e = (e+s)/2
	sh.sendline(str(s))
	#print sh.recv(1024, timeout=0.2)
print sh.recv(1024, timeout=1)

  