🌌
N/B Writeups
  • CTF Writeups
  • CTFs
    • 2019
      • OverTheWire Advent
    • 2020
      • Midnight Sun
      • Things I learned from DarkCTF
  • Pwnable.kr
    • 01 - fd
    • 02 - col
    • 03 - bof
    • 04 - flag
    • 05 - passcode
    • 06 - random
    • 07 - input
    • 08 - leg
    • 09 - mistake
    • 10 - Shellshock
    • 11 - coin1
    • 12 - blackjack
    • 13 - lotto
    • 14 - cmd1
    • 15 - cmd2
    • 16 - uaf
    • 17 - memcpy
    • 18 - asm
    • 20 - blukat
    • 21 - horcruxes
    • 33 - echo1
    • 34 - echo2
    • 43 - coin2
  • More Pwn
    • Protostar - format4
  • Lord of SQLI
    • Lord of SQLI
Powered by GitBook
On this page
  • The Challenge
  • The Solution

Was this helpful?

  1. Pwnable.kr

12 - blackjack

Previous11 - coin1Next13 - lotto

Last updated 4 years ago

Was this helpful?

The Challenge

Hey! check out this C implementation of blackjack game! I found it online

I like to give my flags to millionares. how much money you got?

Running at: nc pwnable.kr 9009

The Solution

We need to own more than a million dollars. After some interaction with the game, it is obvious we can't profit that much in legitimate ways.

Here is the betting function:

The program is caring enough to not let us bet more than what we have, but what if we bet with a negative amount?

Most of the games we will lose, and when we lose our bet is subtracted from our total amount:

So, just bet with a negative amount greater than a million, and grab that flag.

http://cboard.cprogramming.com/c-programming/114023-simple-blackjack-program.html