Format-00
This one was pretty simple but it took some time to solve . First the passwd file was open with read mode
So we can't debug it using gdb . But i tried with unprotected file and find out the passwd was in 11'th position in the stack
So using direct parameter access "%11-\$x%12-\$x%13-\$x%14-\$x", we get a hex value unpacking it from littl-endian format and converting to ascii we get
the passwd :)