Jim,

You don't seem to be a bad guy and if you are stuck at this point then you are going to have a real hard time moving forward if you are a nasty little POS.......

Any buffer overflow is basically exploited in the same way as you have described. The problem you have is the proper examination of the system you are trying to exploit. Let's say you want to bash away through a telnet connection and that the telnet server is actually vulnerable to a buffer overflow. What you have to determine, by watching the way memory is allocated, is how buffer space (which is just memory space) is allocated for each input at any point in a given sequence of events. You may issue commands 1, 2 and 3 in that order and find no potential exploit, since the memory usage would be such that the injection of your code will not get exactly into the right place to be executed on a jmp or ret, for example. If, however, you were to execute the same instructions in the order 2, 1, 3, you may find that the exploitable buffer in command 3 could now effectively inject executable code into the appropriate area of the stack, such that a cancel command, for example, would cause a ret to be executed calling the code you injected into the stack.

Now, remember, for the most part you need the exact version of the remote OS and telnet server running on your own system in order to be able to capture the information you require. You also need a lot of time and patience before you stumble across the appropriate sequence of events that would create the potential for exploit and then you have to be able to recognize the fact that the potential is there. Then you have to write the code and translate it such that it can be injected into the remote stack in an appropriate fashion so as not to crash the remote.

Now, if you really have the time and energy to go through all that simply to own another box, good luck to you.

OTOH, if you are truly interested in security you will spend that time learning how to recognize compromise and how to ensure that you have all the log files and systems in place to be able to recreate the events and, hopefully, prevent such from occurring again or, even better, track the little B@st@rd down and report his dumb @$$.
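The stack overflow mechanism the reply describes (input spills past a fixed buffer, overwrites the saved return address, and the function's ret then lands on the injected bytes), as an added example that is not part of the original post or anyone's real exploit. It models a frame as a plain byte array so it runs safely and deterministically: the 16-byte buffer size, the frame layout, the addresses LEGIT_RET and BUFFER_ADDR, and the sample "USER jim" input are all assumptions chosen for the illustration, and real frames (saved frame pointer, padding, canaries) differ by compiler and ABI. The vulnerable receive routine sits beside its bounded replacement.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed frame layout for the demonstration only: a 16-byte input buffer
 * immediately followed by the saved return address. Real frames also hold
 * the saved frame pointer, padding and canaries, and vary by compiler/ABI. */
enum { BUF_SIZE = 16, RET_SIZE = sizeof(uint64_t), FRAME_SIZE = BUF_SIZE + RET_SIZE };

typedef struct { unsigned char bytes[FRAME_SIZE]; } frame_t;

/* Hypothetical addresses, chosen for the example. */
#define LEGIT_RET   0x0000000000401000ULL  /* where the caller really continues */
#define BUFFER_ADDR 0x00007ffc00000000ULL  /* where the attacker believes the buffer lives */

static void init_frame(frame_t *f) {
    uint64_t r = LEGIT_RET;
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + BUF_SIZE, &r, RET_SIZE);   /* saved return address */
}

static uint64_t saved_ret(const frame_t *f) {
    uint64_t r;
    memcpy(&r, f->bytes + BUF_SIZE, RET_SIZE);
    return r;
}

/* Vulnerable receive: copies as much input as arrived, like strcpy() or an
 * unchecked recv() into a fixed buffer. Bytes beyond BUF_SIZE overwrite the
 * saved return address. (Capped at FRAME_SIZE only so this model stays inside
 * its own array; a real overflow keeps writing.) Returns where ret would go. */
uint64_t vulnerable_recv(frame_t *f, const unsigned char *in, size_t len) {
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(f->bytes, in, len);
    return saved_ret(f);
}

/* Hardened receive: the copy is bounded by the buffer, never by the input, so
 * the saved return address is unreachable. Truncation is shown; rejecting
 * over-long input outright is equally valid. */
uint64_t hardened_recv(frame_t *f, const unsigned char *in, size_t len) {
    if (len > BUF_SIZE) len = BUF_SIZE;
    memcpy(f->bytes, in, len);
    return saved_ret(f);
}

/* Attacker input in the shape the post describes: the "injected code" fills
 * the buffer and is followed by the address of that code, so the function's
 * ret lands on it. 0x90 (x86 NOP) stands in for a real payload. */
size_t build_payload(unsigned char *out, size_t cap, uint64_t jump_to) {
    if (cap < FRAME_SIZE) return 0;
    memset(out, 0x90, BUF_SIZE);
    memcpy(out + BUF_SIZE, &jump_to, RET_SIZE);
    return FRAME_SIZE;
}

/* Over-long input against the vulnerable version: control is hijacked. */
uint64_t demo_vulnerable(void) {
    frame_t f; unsigned char p[FRAME_SIZE];
    init_frame(&f);
    return vulnerable_recv(&f, p, build_payload(p, sizeof p, BUFFER_ADDR));
}

/* Same input against the hardened version: return address stays intact. */
uint64_t demo_hardened(void) {
    frame_t f; unsigned char p[FRAME_SIZE];
    init_frame(&f);
    return hardened_recv(&f, p, build_payload(p, sizeof p, BUFFER_ADDR));
}

/* Same vulnerable code, input that fits: nothing is overwritten. This is the
 * "right length in the right place" point from the post: the bug is only
 * exploitable when the input actually reaches the saved return address. */
uint64_t demo_vulnerable_short_input(void) {
    frame_t f;
    const unsigned char in[] = "USER jim";  /* constructed sample command */
    init_frame(&f);
    return vulnerable_recv(&f, in, sizeof in - 1);
}

int main(void) {
    printf("vulnerable, overlong input : ret -> 0x%016llx\n", (unsigned long long)demo_vulnerable());
    printf("vulnerable, short input    : ret -> 0x%016llx\n", (unsigned long long)demo_vulnerable_short_input());
    printf("hardened,   overlong input : ret -> 0x%016llx\n", (unsigned long long)demo_hardened());
    return 0;
}
```

The byte-array model is deliberate: writing past a real local buffer is undefined behaviour and crashes or is blocked by stack protection, so the example reproduces only the one thing the post is about, which bytes of the input land on the saved return address, and why a length check on the buffer (not on the input) removes the problem.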