pwnable.kr(12) - blackjack

Posted on Edited on In , , Views:

Problem

Points: 1pt

1
2
3
4
5
6
7
8
9
Hey! check out this C implementation of blackjack game!
I found it online
* http://cboard.cprogramming.com/c-programming/114023-simple-blackjack-program.html

I like to give my flags to millionares.
how much money you got?


Running at : nc pwnable.kr 9009

Link

Code

Code is at here

Thinking

The code seems no big exploit point.
But seek the input(scanf) line first.
Specially lines invlove with money.

Solution

1
2
3
4
5
6
void play()
{
    ...
    betting(); //Prompts user to enter bet amount
    ...
}

The bet is given by betting() function in player().

1
2
3
4
5
6
7
8
9
10
11
12
13
14
int betting() //Asks user amount to bet
{
    printf("\n\nEnter Bet: $");
    scanf("%d", &bet);
 
    if (bet > cash) //If player tries to bet more money than player has
    {
        printf("\nYou cannot bet more money than you have.");
        printf("\nEnter Bet: ");
        scanf("%d", &bet);
        return bet;
    }
    else return bet;
} // End Function

The code seems no exploit point to let us change the flow.
But I’m curious about why this condition check is not a while loop,
infinitely check until player’s bet is legal?