Protostar/Format 0

If you get stuck, you can watch the solution and explanation here:

This is about format0 from compiled on a modern Ubuntu system.

This level introduces format strings, and how attacker supplied format strings can modify the execution flow of programs.


This level should be done in less than 10 bytes of input.
"Exploiting format string vulnerabilities"
This level is at /opt/protostar/bin/format0


#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

void vuln(char *string)
  volatile int target;
  char buffer[64];

  target = 0;

  sprintf(buffer, string);
  if(target == 0xdeadbeef) {
      printf("you have hit the target correctly :)\n");

int main(int argc, char **argv)

See also

Solving format1 from with a simple Format String vulnerability, exploited with %n.

This is a mirror. Copyright and original can be found here: