Hey! check out this C implementation of blackjack game!
I found it onlineI like to give my flags to millionares.
how much money you got?Running at : nc pwnable.kr 9009
Bug
/* blackjack.c */
//Global Variables
...
int bet;
...
int betting() //Asks user amount to bet
{
printf("\n\nEnter Bet: $");
scanf("%d", &bet);
if (bet > cash) //If player tries to bet more money than player has
{
printf("\nYou cannot bet more money than you have.");
printf("\nEnter Bet: ");
scanf("%d", &bet);
return bet;
}
else return bet;
} // End Functionbet은 int형 변수이기 때문에 음수를 넣어도 된다.
/* blackjack.c */
if(p>21) //If player total is over 21, loss
{
printf("\nWoah Buddy, You Went WAY over.\n");
loss = loss+1;
cash = cash - bet;
printf("\nYou have %d Wins and %d Losses. Awesome!\n", won, loss);
dealer_total=0;
askover();
}지면 cash에서 bet을 빼는데, bet이 음수이면 졌을 때 오히려 돈이 늘어나게 된다.
Exploit
728x90
