Protostar/Format 1

If you get stuck, you can watch the solution and explanation here:

Solving format1 from exploit-exercises.com with a simple Format String vulnerability, exploited with %n.

This level shows how format strings can be used to modify arbitrary memory locations.

Hints:

objdump -t is your friend, and your input string lies far up the stack :)
This level is at /opt/protostar/bin/format1

format1.c

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int target;

void vuln(char *string)
{
  printf(string);
  
  if(target) {
      printf("you have modified the target :)\n");
  }
}

int main(int argc, char **argv)
{
  vuln(argv[1]);
}

This is a mirror. Copyright and original can be found here: exploit-exercises.com/protostar/format1/