Protostar/Format 1

If you get stuck, you can watch the solution and explanation here:

Solving format1 from with a simple Format String vulnerability, exploited with %n.

This level shows how format strings can be used to modify arbitrary memory locations.


objdump -t is your friend, and your input string lies far up the stack :)
This level is at /opt/protostar/bin/format1


#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int target;

void vuln(char *string)
  if(target) {
      printf("you have modified the target :)\n");

int main(int argc, char **argv)

This is a mirror. Copyright and original can be found here: