Rating:

# noxCTF 2018 : believeMe

**category** : pwn

**points** : 378

**solves** : 90

## write-up

The vulnerability is format string

There is a secret function called `noxFlag` that can give us the flag

Since no aslr, find out the return address on remote server, and overwrite return address to `noxFlag`

`noxCTF{%N3ver_%7rust_%4h3_%F0rmat}`

# other write-ups and resources

Original writeup (https://github.com/OAlienO/CTF/tree/master/2018/noxCTF/believeMe).