FORMAT STRING EXPLOITATION

The Ironclad military communications terminal has a message logging system with a critical format string vulnerability. The system uses printf(buffer) instead of printf("%s", buffer), allowing stack reads and arbitrary memory writes.

Two exploitation paths:

• Path A: Leak the flag directly from memory using %s or %x format specifiers
• Path B: Overwrite auth_level to 0xdeadbeef using %n to trigger the authentication bypass

You have 3 attempts per session. Use them wisely.