This program is vulnerable to a format string attack! Try supplying a format string to overwrite a global variable and get a shell! You can exploit the binary on our shell server at /problems/format1/. Download the binary here, and source code is available here