Even more format string fun!
/* * phoenix/format-one, by https://exploit.education * * Can you change the "changeme" variable? * * Why did the Tomato blush? It saw the salad dressing! */ #include <err.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #define BANNER \ "Welcome to " LEVELNAME ", brought to you by https://exploit.education" int main(int argc, char **argv) { struct { char dest[32]; volatile int changeme; } locals; char buffer[16]; printf("%s\n", BANNER); if (fgets(buffer, sizeof(buffer) - 1, stdin) == NULL) { errx(1, "Unable to get buffer"); } buffer[15] = 0; locals.changeme = 0; sprintf(locals.dest, buffer); if (locals.changeme != 0x45764f6c) { printf("Uh oh, 'changeme' is not the magic value, it is 0x%08x\n", locals.changeme); } else { puts("Well done, the 'changeme' variable has been changed correctly!"); } exit(0); }