Executing Attack Code Suppose buffer contains attacker-created string For example,*str contains a string received from the network as input to some network service daemon str Frame of thie Top of code et ℃illing functto stack Attacker puts actual assembly In the overflow,a pointer back instructions into his input string,e.g., into the buffer appears in binary code of execve("/bin/sh") the location where the system expects to find return address When function exits,code in the buffer will be executed,giving attacker a shell -Root shell if the victim program is setuid root 77 Executing Attack Code  Suppose buffer contains attacker-created string ─ For example, *str contains a string received from the network as input to some network service daemon  When function exits, code in the buffer will be executed, giving attacker a shell ─ Root shell if the victim program is setuid root code str Frame of the calling function ret Attacker puts actual assembly instructions into his input string, e.g., binary code of execve(“/bin/sh”) In the overflow, a pointer back into the buffer appears in the location where the system expects to find return address Top of stack