【Writeup】pwnable.kr--blackjack
1. Challenge overview

Hey! check out this C implementation of blackjack game!
I found it online
* http://cboard.cprogramming.com/c-programming/114023-simple-blackjack-program.html
I like to give my flags to millionares.
how much money you got?

ssh blackjack@pwnable.kr -p2222 (pw:guest)

Blackjack: the goal is to keep the total of the cards in your hand at or below 21; if your total is higher than the dealer's, you win.

2. Approach

First connect over ssh and list the directory with `ls -l`. We have no permissions at all on the blackjack binary, but blackjack.c is readable. Next, look at the readme:

blackjack@ubuntu:~$ cat readme
once you connect to port 9009, the blackjack binary will be executed under asm_pwn privilege. get flag.

The readme says that connecting to port 9009 runs blackjack under the asm_pwn privilege, so connect to that port:

nc localhost 9009

Once ./blackjack is running you can read the rules. They are about the same as ordinary blackjack: the points in your hand must not exceed 21. Cards 1 to 10 are worth their face value, J, Q and K are worth 10, and A is worth 11. Each round you choose to take a card (hit) or not (stay), and at the end you win if your total is higher than the dealer's. In this game the starting cash is 500. Before each round you enter a bet: if you win, you gain that amount; if you lose, you lose it. The bet must not exceed your cash. For example, after winning one round my cash became $620.

Next, look at the source code for the relevant functions:

```c
// cash and bet are global ints declared elsewhere in blackjack.c

void cash_test() //Test for if user has cash remaining in purse
{
 if (cash <= 0) //Once user has zero remaining cash, game ends and prompts user to play again
 {
  printf("You Are Bankrupt. Game Over");
  cash = 500;
  askover();
 }
 if (cash > 1000000){
  FILE* fp = fopen("flag", "r");
  char buf[100];
  memset(buf, 0, 100);
  fread(buf, 1, 100, fp);
  printf("%s\n", buf);
  fclose(fp);
 }
} // End Function
```

This function decides whether the flag is handed out: if cash <= 0 (bankrupt) the game restarts, and if cash > 1000000 it prints the flag.

```c
int betting() //Asks user amount to bet
{
 printf("\n\nEnter Bet: $");
 scanf("%d", &bet);

 if (bet > cash) //If player tries to bet more money than player has
 {
  printf("\nYou cannot bet more money than you have.");
  printf("\nEnter Bet: ");
  scanf("%d", &bet);
  return bet;
 }
 return bet;
} // End Function
```

This function reads a decimal integer from the keyboard and returns it as bet. There is no handling of the case bet < 0. Since the game's betting rule is cash + bet on a win and cash - bet on a loss, we can enter a large negative number and then lose the round; cash then exceeds 1000000 and we get the flag.
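As an added example (not the challenge's source), the original bet check is shown beside a hardened one, with a settle() helper that makes explicit why a negative bet turns a lost round into a gain; read_bet() is a hypothetical replacement for the scanf("%d", &bet) call and is my assumption about what a fix could look like.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>

/* Mirrors the only check in blackjack.c's betting(): a bet is refused solely
 * when it exceeds cash, so any negative bet passes. */
bool bet_ok_original(int cash, int bet) {
    return bet <= cash;
}

/* Hardened check: the bet must be positive, no larger than cash, and a win
 * must not be able to overflow cash. */
bool bet_ok_fixed(int cash, int bet) {
    if (bet <= 0) return false;
    if (bet > cash) return false;
    if (bet > INT_MAX - cash) return false;   /* cash + bet would overflow */
    return true;
}

/* Settles one round the way the game does: a win adds the bet, a loss
 * subtracts it. With a negative bet a loss therefore increases cash. */
int settle(int cash, int bet, bool won) {
    return won ? cash + bet : cash - bet;
}

/* The condition under which cash_test() prints the flag. */
bool flag_condition(int cash) {
    return cash > 1000000;
}

/* Hypothetical replacement for the scanf("%d", &bet) in betting(): parses one
 * typed line as a whole decimal integer and applies bet_ok_fixed().
 * Returns the bet, or -1 if the line is rejected (valid bets are positive). */
int read_bet(const char *line, int cash) {
    char *end;
    errno = 0;
    long v = strtol(line, &end, 10);
    if (end == line || errno == ERANGE) return -1;     /* not a number / too long */
    while (*end == ' ' || *end == '\n') end++;          /* tolerate trailing newline */
    if (*end != '\0') return -1;                        /* trailing junk like "12abc" */
    if (v < INT_MIN || v > INT_MAX) return -1;
    if (!bet_ok_fixed(cash, (int)v)) return -1;
    return (int)v;
}
```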