This program requires you to guess a random 32-bit number! Sounds difficult, right? There is a server running at vuln2014.picoctf.com:4546, and the source can be found here.

In this question, if we look at the source code, we can see that there is a 'printf(name);' which is a format string vulnerability.

I ran nc vuln2014.picoctf.com 4546.

Along with the name, I supplied a format string of seven %i each followed by a '.' to differentiate.

I got some numbers and after trying each one out, I found out that the 4th one from the left was the answer (I'm working on how that happened).

Copy-paste that number and you've got your flag

Flag: leak_the_seakret

#Picoctf #Formatstring