•Build a program to connect and send test data
–e.g. it should send “A”s
for you to determine the proper size of exploit to overwrite EIP
•Run daemon
–Compile with -ggdb switch
for debugging
•Run test data program in gdb with a breakpoint set after connection and right before the data
is sent
•Find daemon on target, and attach gdb by PID number
•Do a continue with the daemon, and then a continue with the test data program
•Check registers on the daemon, and repeat increasing size until you know ESP and a good size
for overflowing
•Now construct your exploit
–In the demo, the exploit
code uses different shellcode that binds a shell to port 4444