picoCTF
since we will only get the first part of the flag (picoCTF{L34k1ng_Fl4g_0ff_St4ck_
). So instead, we search for CTF{
and simply prepend the pico
part when we display the flag. This was figured out by simply printing the output each iteration of the loop and seeing the flag appear twice in the output.printf
as a string (%s
), we'll get the flag. We just have to go far enough down the stack.%
, then an index, then $
and then the format specifier. So, %17$x
would jump to the seventeenth member of the stack and print the value in hex format.picoCTF{L34k1ng_Fl4g_0ff_St4ck_0551082c}