`

CTF20 urandom 300 write_up (五)

 
阅读更多

这道题也是给了个ip 端口,以及密码让你连过去,连过去后返回的是个这个

先是200h的这个英文说明,很简单,后面会返回100000个uint16,然后用最少的交换,来完成这个,每次提交交换对如数例如123:9821,讲到交换最少,比较好想的是选择排序,就是排序起来慢些,不过应该挺好用的,因为每一位只需要一次交换,机子够好的话,网速也够好的话,o(n2)的速度完全可以接受,

 写道
Here come 100000 uint16_t, please tell me how to sort them into
ascending order by sending me pairs of indicies to exchange, one
per line, in the format: <index1>:<index2>
For example to exchange elements 123 and 9821 you should send:
123:9821
Valid indicies are in the range 0..99999 inclusive. Send a blank
line when you are done. If you correctly sort the array in
sufficiently few moves I will give you a key!
You have about 10 seconds to finish, and a 5 minute wait between
successive connections.

 我的py,因为这个题每5分钟只能测试一次,而且我的网速机子都太烂了(敢不敢实验室把机子配置更新下,网也烂啊),测试未果,放出来大家看看就好了。

 

#! /usr/bin/env python
#coding=utf-8

import os, sys, struct, math, random, socket

MX = 100000
T = 200514
times=0
    
def op(s):
        #print s
    global times
    times=times+1
    if((times%10000)==100):
        print times
    sock.send(s + '\x0a')
def swap(a,i,j):
    
    temp=a[i]
    a[i]=a[j]
    a[j]=temp
        
def qsb(n,l,r):
    for i in xrange(r):
        lowindex=i
        for j in xrange(r,i,-1):
            if (n[j]<n[lowindex]):
                lowindex=j
        swap(n,i,j)        
        op(str(i)+':'+str(j))




if __name__=='__main__':
    ary = []
    
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect(('140.197.217.155', 5601))
    s=sock.recv(100)
    print s
    sock.send('d0d2ac189db36e15\x0a')
    
    f = ''
    
    for i in xrange(10):
        d = sock.recv(50000)
        f=f+d
    
        
    f = f[512:200513]
    
    for i in range(MX):
        ui = f[i:i+2]
        uin = struct.unpack('<H', ui)
        ary.append(uin[0])
    
    if len(ary) != MX:
        print 'error, len not 100000'
        sys.exit(1)
    
    qsb(ary, 0, MX-1)
    
    sock.send('\n')
    
    print 'send ok'
    
    w = open('back', 'w')
    
    while True:
        d = sock.recv(1024)
        if len(d) > 0:
            print d
            w.write(d)
        else:
            break
    
    print 'all done'

 算法大致上没什么问题,可能细节有些问题吧,不过后来也没调了。。。。

 

 

分享到:
| CTF20 binary 100 write_up (四)
评论
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

Magicbox
Global site tag (gtag.js) - Google Analytics