nullcon 2017, pwn200

Exploitation was straightforward: a format string vulnerability was abused to overwrite an entry in .got. strchr was called immediately after the printf call with our passed string as its argument, so it was only necessary to overwrite its .got entry with the address of system.