App - System

Hi. I think i got the shell code but it seemed that the shell code execute some weird command. "sh: 1: steme-ch33: not found". Can anyone helps me with this. Thanks ahead.

i have done it somehow. "steme-ch33" wasn’t random. I got shell code in GDB but env variables were different outside GDB. Got it by examining env variable :)

Well I’ll give my response since I ran into the same issue and even though the answer helped me, I didn’t find it very clear.
The thing is that when you run the program outside of gdb, the enviroment variables (which is where you’re getting the "/bin/bash" from) have an offset, so your 4 byte address that is supposed to point to "/bin/bash" is actually pointing to this "steme-ch33".
By changing the address I realized that it was actually pointing to this :
SSH_TTY=/dev/pts/11
MAIL=/var/mail/app-systeme-ch33
TERM=xterm
SHELL=/bin/bash

so just increase the address by the right amount so that it points to /bin/bash once again and you should be ready to go