Protostar CTF - format2

In the meantime I decided to try next format-challenge from Protostar CTF - format2. Below you will find the details. Here we go...
We will start here:

This is another format string challenge from Protostar CTF. I created a payload in /tmp/1 and started format2 binary in gdb (with multiple %x as you can see):

Next thing was to get the parameter number of our input:

...and to get the address of the target:

Modifying the target value:

It's done. :)

See you next time!

Cheers