# Buffer overflow

- [Remote Buffer Overflow](https://repo.4pfsec.com/buffer-overflow/remote-buffer-overflow.md): This subsection covers the exploitation of stack-based remote buffer overflows.
- [Crashing the Application](https://repo.4pfsec.com/buffer-overflow/remote-buffer-overflow/crashing-the-application.md): In order to exploit the target application, we need to crash the application and be able to overwrite the EIP with our own values.
- [Controlling the EIP](https://repo.4pfsec.com/buffer-overflow/remote-buffer-overflow/controlling-the-eip.md): To take control of the EIP, we first need to locate the EIP’s exact position in the buffer of 600. To do this we will make use of a tool called “msf-pattern\_create”.
- [Finding Bad Characters](https://repo.4pfsec.com/buffer-overflow/remote-buffer-overflow/finding-bad-characters.md): We need to be wary of bad characters and pick them out so that our payload doesn't contain any characters that might cause our exploit to fail.
- [Finding a Return Address](https://repo.4pfsec.com/buffer-overflow/remote-buffer-overflow/finding-a-return-address.md): This return address is written to the EIP and used to direct the application to where our payload will be located. Mona.py is used for this as well.
- [Generating Shellcode](https://repo.4pfsec.com/buffer-overflow/remote-buffer-overflow/generating-shellcode.md): This is the most crucial step as it decides whether we get a shell!
- [Getting a Shell](https://repo.4pfsec.com/buffer-overflow/remote-buffer-overflow/getting-a-shell.md): With some final modifications to the POC, a shell will be obtained.

