UGN Security Forums UGN Security: Knowledge Base Programming C/C++ A simple buffer overflow

Hey,
I'm not sure if this should go in this forum or somewhere else, but here goes. I need some help writing a buffer overflow for a setuid binary. It basically allocates 256 bytes for a buffer and calls scanf(%s,buffer). I know that this function is exploitable, but I can't figure out how to send my shellcode+ret into the program.
Someone want to help me out? How do I get the program to read my overflow code?

Thanks

understand assembly and how the code works the cpu. then you shall have your answer...

Ummm...sorry, but that wasn't very helpful; I already know how everything about the overflows works. I already have the program that creates an environment variable containing the string that will spawn my shell. I can use it to spawn a shell from a program that uses strcpy() and receives the string from a parameter. I just don't know how to make a program that uses stdin instead of parameters. I've already tried sending my string into a file and dumping the file in. I've also tried echoing the variable and using | to send it into the program. Could the return address be different because of the scanf()?

Edit: spelling

You can use a debugger to find the return address