Academy - Stack-Based Buffer Overflows on Linux x86

I’ve been stuck on the “Take control of EIP” question for a few days now.
I know the offset, and from what I understand, that means the EBP is that many bytes into higher memory from the ESP.

Since the question is asking to examine the registers and return the address of EBP, I figured it’s just (address of ESP) + (offset received using the pattern_offset.rb script) = address of EBP.

The offset is definitely correct, as I can overwrite the EBP using that exact number of bytes.

I have also tried simply setting a breakpoint at main and using “info register” to examine the registers and return the value of EBP. I’m kind of running out of ideas and I think I’m just confusing myself more now.

Any help is appreciated.

Hey there, don’t overcomplicate the task! Just run the program and, when it crashes with your payload, check the value in EBP! Hope it helps!

carbonicOwl
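Added example (not part of the thread, and not HTB Academy material): a small C re-implementation of what pattern_create.rb and pattern_offset.rb do, so you can see how a register value read from gdb at the crash maps back to an offset in the payload. It assumes the usual x86 frame layout with frame pointers (the saved EBP sits in the 4 bytes directly below the saved return address, so the EBP offset is the EIP offset minus 4) and little-endian byte order; the two "crashed" register values in main are constructed from the pattern itself, not taken from a real run.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Build the Metasploit-style cyclic pattern "Aa0Aa1Aa2...Ab0..." of len bytes.
   Digits cycle fastest, then lower-case, then upper-case, so every 4-byte
   window is unique for patterns up to 20280 bytes. Caller frees. */
static char *pattern_create(size_t len) {
    char *buf = malloc(len + 1);
    if (!buf) return NULL;
    size_t i = 0;
    for (char u = 'A'; u <= 'Z' && i < len; u++)
        for (char l = 'a'; l <= 'z' && i < len; l++)
            for (char d = '0'; d <= '9' && i < len; d++) {
                char triple[3] = { u, l, d };
                for (int k = 0; k < 3 && i < len; k++)
                    buf[i++] = triple[k];
            }
    buf[i] = '\0';
    return buf;
}

/* Given a 32-bit register value as gdb prints it (e.g. EIP = 0x64413364),
   recover the 4 pattern bytes in memory order (x86 is little-endian, so the
   low byte of the register is the first byte in the buffer) and return the
   offset where they occur in the pattern, or -1 if they are not in it. */
static long pattern_offset(const char *pattern, size_t len, uint32_t reg) {
    char needle[4];
    for (int k = 0; k < 4; k++)
        needle[k] = (char)((reg >> (8 * k)) & 0xff);
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(pattern + i, needle, 4) == 0)
            return (long)i;
    return -1;
}

/* Sanity check on the frame layout assumed here: with frame pointers, the
   saved EBP is overwritten by the 4 bytes immediately before the ones that
   land in the return address, so offset(EIP) must equal offset(EBP) + 4.
   Returns 1 if the two register values are consistent with that, else 0. */
static int check_frame(const char *pattern, size_t len,
                       uint32_t ebp_reg, uint32_t eip_reg) {
    long ebp_off = pattern_offset(pattern, len, ebp_reg);
    long eip_off = pattern_offset(pattern, len, eip_reg);
    return ebp_off >= 0 && eip_off == ebp_off + 4;
}

int main(void) {
    size_t len = 200;
    char *p = pattern_create(len);
    if (!p) return 1;

    /* Constructed "crash" values: what gdb's `info registers` would show if
       the pattern above overwrote the saved EBP at offset 96 and the return
       address at offset 100. These are taken from the pattern, not a real run. */
    uint32_t ebp_reg = 0x41326441; /* bytes "Ad2A" at offset 96 */
    uint32_t eip_reg = 0x64413364; /* bytes "d3Ad" at offset 100 */

    printf("pattern: %.24s...\n", p);
    printf("EBP 0x%08x -> offset %ld\n", ebp_reg, pattern_offset(p, len, ebp_reg));
    printf("EIP 0x%08x -> offset %ld\n", eip_reg, pattern_offset(p, len, eip_reg));
    printf("frame layout consistent: %s\n",
           check_frame(p, len, ebp_reg, eip_reg) ? "yes" : "no");

    free(p);
    return 0;
}
```

Usage: send `pattern_create(N)` as the program's input, note the EIP (and EBP) values gdb shows at the crash, and feed them to `pattern_offset`; the EIP offset is where your return-address bytes start, and the 4 bytes before it are what ended up in EBP.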