https://x3ric.com/blog/tags/format-string/CTF notes, systems work, and writeups.Hugoen-usSat, 06 Jun 2026 21:41:13 +0200https://x3ric.com/blog/posts/HackTheBox-TicTacToed-Challenge/https://x3ric.com/blog/posts/HackTheBox-TicTacToed-Challenge/Sat, 06 Jun 2026 00:00:00 +0200challengehtbpwnbofformat-stringheapEnter the challenge flag to unlock this writeup.https://x3ric.com/blog/posts/HackTheBox-Questionnaire-Challenge/https://x3ric.com/blog/posts/HackTheBox-Questionnaire-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbpwnbofformat-stringcanarylinuxQuestionnaire: use the format-string bug for a leak or write, then redirect execution to the flag path.https://x3ric.com/blog/posts/HackTheBox-RaceCar-Challenge/https://x3ric.com/blog/posts/HackTheBox-RaceCar-Challenge/Wed, 11 Dec 2024 09:20:00 +0800challengehtbpwnformat-stringlinuxRaceCar: use the format-string bug for a leak or write, then redirect execution to the flag path.https://x3ric.com/blog/posts/TryHackMe-DearQA-Challenge/https://x3ric.com/blog/posts/TryHackMe-DearQA-Challenge/Fri, 28 Jun 2024 01:20:00 +0800challengethmpwnbofformat-stringheapshellcodelinuxDearQA: shape the heap state, gain the needed write or leak, and pivot to flag access.