-
-
[原创]第六题 Repwn
-
发表于: 2019-3-23 12:48
-
仿佛没看到正确的地方,结合题目Repwn
很明显是利用漏洞
貌似判断的后八位是这几个字母
更新后
直接用z3解
from z3 import *
s=Solver()
X=[''for i in range(8)]
r=Int('r')
for i in range(8):
t='X'+str(i)
X[i]=Int(t)
print X
for i in range(8):
s.add(And(X[i]>=0,X[i]<=9))
v1 = X[3] + 1000 * X[0] + 100 * X[1] + 10 * X[2]
v2 = X[5] + 10 * X[4]
v3 = X[7] + 10 * X[6]
r1 = 2 * (v1 + v2)
s.add(r1==4040)
r2= 3 * v2 / 2
s.add(r2 + 100 * v3 == 115)
s.add(v1 - 110 * v3 == 1900)
num=''
if s.check()==sat:
m=s.model()
#print m
for i in range(8):
num+=chr(int(str(m[X[i]]))+0x30)
print num
else:
print "No Solution!"
from z3 import *
s=Solver()
X=[''for i in range(8)]
r=Int('r')
for i in range(8):
t='X'+str(i)
X[i]=Int(t)
print X
for i in range(8):
s.add(And(X[i]>=0,X[i]<=9))
v1 = X[3] + 1000 * X[0] + 100 * X[1] + 10 * X[2]
v2 = X[5] + 10 * X[4]
v3 = X[7] + 10 * X[6]
r1 = 2 * (v1 + v2)
s.add(r1==4040)
r2= 3 * v2 / 2
s.add(r2 + 100 * v3 == 115)
s.add(v1 - 110 * v3 == 1900)
num=''
if s.check()==sat:
m=s.model()
#print m
for i in range(8):
num+=chr(int(str(m[X[i]]))+0x30)
print num
else:
print "No Solution!"前八个
接着下面
这里应该就是溢出点呢!
那么要跳到哪里呢!
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
