If you get stuck, you can watch the solution and explanation here:
%p format4 looks at one method of redirecting execution in a process.
Hints:
objdump -TR
is your friend
This level is at /opt/protostar/bin/format4
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
int target;
void hello()
{
printf("code execution redirected! you win\n");
_exit(1);
}
void vuln()
{
char buffer[512];
fgets(buffer, sizeof(buffer), stdin);
printf(buffer);
exit(1);
}
int main(int argc, char **argv)
{
vuln();
}
See also
This is a mirror. Copyright and original can be found here: exploit-exercises.com/protostar/format4/