THM - Flag Vault 2
A writeup for the room “Flag Vault 2” on TryHackMe
Exploit a simple format string vulnerability.
https://tryhackme.com/room/hfb1flagvault2
What is the flag?
Footprinting
As mentioned in the room description, let’s start by connecting to the server.
nc MACHINE_IP 1337
We are only asked to enter a username.
After that, it seems that the entered value is checked, and if it is valid, we should obtain the flag.
Taking a look at the code should help us to understand what’s happening.
We can see that the flag is read from a file and stored in memory.
Although the flag’s value cannot be printed directly, its content has still been saved onto the stack.
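The pattern described above, with its fix, as an added example that is not the room's source code: the function names, buffer sizes and the username policy are assumptions, and the sample inputs are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sketch of the pattern described above; not the room's source.
 * The vulnerable form passes the username as the format string itself:
 *
 *     char flag[64];                 // secret read from a file, on the stack
 *     snprintf(out, n, username);    // BUG: user input interpreted as format
 *
 * Conversion directives in the input then make the printf family read
 * argument slots that were never supplied, i.e. adjacent stack contents. */

/* Hardened form: the format is a constant, the username is only data. */
int greet_hardened(char *out, size_t n, const char *username)
{
    return snprintf(out, n, "%s", username);
}

/* Defence in depth (assumed policy): 1..32 chars from [A-Za-z0-9_-]. */
int username_is_valid(const char *username)
{
    size_t len = strlen(username);
    if (len == 0 || len > 32)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)username[i];
        if (!isalnum(c) && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

int main(void)
{
    const char *inputs[] = { "alice_01", "%x.%x" };  /* constructed samples */
    char out[64];
    for (size_t i = 0; i < 2; i++) {
        greet_hardened(out, sizeof out, inputs[i]);
        printf("valid=%d echoed=[%s]\n", username_is_valid(inputs[i]), out);
    }
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` flags the vulnerable call shape at build time, which catches this class of bug before it ships.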