Source |
SkullSecurity |
Identifier |
8494290 |
Publication date |
2024-05-05 00:00:00 (seen: 2024-05-06 00:05:44) |
Title |
BSidesSF 2024 Writeups: Slay the Spider (A hard heap-overflow) |
Text |
Slay the Spider is a Minesweeper-like game where the user and computer try to uncover a spider. The challenge name and trappings are based on Slay the Spire, which is one of my favourite games.
When you start the game, there are several different enemy AI options:
1: The Angry One - Plays at Random
2: Cheater Mc Cheaterly - Knows the best places to play
3: Smartypants - Uses magical super AI for the best chance of winning
4: Captain Fastidious - Is sure that playing left to right is best
Those are loosely based on the classes from Slay the Spire.
The third - Smartypants - is the key. It chooses the target square based on a silly algorithm:
    case AI_SMART:
      // Picks the average of the human move and the last computer move
      move.row = (human_move.row + last_computer_move.row) / 2;
      move.col = (human_move.col + last_computer_move.col) / 2;
The problem is that human_move.row and human_move.col are set even when the move is invalid:
    static move_t do_human_turn(game_t *game) {
      move_t move;
      printf("It\'s your (human) move!\n");
      printf("\n");
      printf("Row?\n");
      move.row = read_int();
      printf("\n");
      printf("Col?\n");
      move.col = read_int();
      if(move.row > |
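The pattern described above, as an added example that is not the challenge's source: a rejected human move that is still remembered pushes the averaged computer move off the board, while keeping the last valid move and bounds-checking the derived cell does not. The 8x8 board size, the sample moves and the helper names (`in_bounds`, `record_unchecked`, `record_checked`, `cell_index`) are assumptions made for illustration.

```c
#include <stdio.h>

#define ROWS 8   /* assumed board size, not taken from the challenge */
#define COLS 8

typedef struct { int row; int col; } move_t;

static int in_bounds(move_t m) {
    return m.row >= 0 && m.row < ROWS && m.col >= 0 && m.col < COLS;
}

/* The averaging rule quoted in the write-up, unchanged. */
static move_t smart_move(move_t human, move_t last_computer) {
    move_t m;
    m.row = (human.row + last_computer.row) / 2;
    m.col = (human.col + last_computer.col) / 2;
    return m;
}

/* Flawed pattern: the attempt is remembered even though it was rejected. */
static move_t record_unchecked(move_t prev, move_t attempt) {
    (void)prev;
    return attempt;
}

/* Hardened: an invalid attempt never replaces the last valid human move. */
static move_t record_checked(move_t prev, move_t attempt) {
    return in_bounds(attempt) ? attempt : prev;
}

/* Second check: refuse to turn an off-board move into a cell index. */
static long cell_index(move_t m) {
    return in_bounds(m) ? (long)m.row * COLS + m.col : -1;
}

int main(void) {
    move_t prev = {3, 3}, last_ai = {2, 2};  /* constructed game state */
    move_t bad = {1000, 4};                  /* constructed invalid input */
    move_t v = smart_move(record_unchecked(prev, bad), last_ai);
    move_t h = smart_move(record_checked(prev, bad), last_ai);
    printf("unchecked: (%d,%d) in_bounds=%d index=%ld\n",
           v.row, v.col, in_bounds(v), cell_index(v));
    printf("checked:   (%d,%d) in_bounds=%d index=%ld\n",
           h.row, h.col, in_bounds(h), cell_index(h));
    return 0;
}
```

Validating the computer's derived move as well as the human's input matters here because the averaged value is computed from state, not read from the user, so an input-only check never sees it.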
Sent |
Yes |
Rating |
★★★
|