I'm trying to use overthewire narnia problems as a way to learn about binary exploitation and I'm getting different results than any of the walkthroughs
I was looking at https://tuonilabs.wordpress.com/2017/05/13/overthewire-narnia-write-up/ for 'Level 2' and started off by using peda to create a pattern - I ran the program with this pattern and it segfaulted - I used x/s $esp
in gdb and got the value from the stack pointer - ran pattern offset on it and it returned 136 instead of the 140 value they say. I also just generated a string of 132 A's and 4 B's and again - it works out.
I then looked at https://triedal.github.io/narnia-writeup/ for Level 2 and they start off using gdb to disassemble and work out the overflow that way - so I did so and my assembly code is different to theirs!
Dump of assembler code for function main:
0x0804844b <+0>: push ebp
0x0804844c <+1>: mov ebp,esp
0x0804844e <+3>: add esp,0xffffff80
0x08048451 <+6>: cmp DWORD PTR [ebp+0x8],0x1
0x08048455 <+10>: jne 0x8048471 <main+38>
0x08048457 <+12>: mov eax,DWORD PTR [ebp+0xc]
0x0804845a <+15>: mov eax,DWORD PTR [eax]
0x0804845c <+17>: push eax
0x0804845d <+18>: push 0x8048520
0x08048462 <+23>: call 0x8048300 <printf@plt>
0x08048467 <+28>: add esp,0x8
0x0804846a <+31>: push 0x1
0x0804846c <+33>: call 0x8048320 <exit@plt>
0x08048471 <+38>: mov eax,DWORD PTR [ebp+0xc]
0x08048474 <+41>: add eax,0x4
0x08048477 <+44>: mov eax,DWORD PTR [eax]
0x08048479 <+46>: push eax
0x0804847a <+47>: lea eax,[ebp-0x80]
0x0804847d <+50>: push eax
0x0804847e <+51>: call 0x8048310 <strcpy@plt>
0x08048483 <+56>: add esp,0x8
0x08048486 <+59>: lea eax,[ebp-0x80]
0x08048489 <+62>: push eax
0x0804848a <+63>: push 0x8048534
0x0804848f <+68>: call 0x8048300 <printf@plt>
0x08048494 <+73>: add esp,0x8
0x08048497 <+76>: mov eax,0x0
---Type <return> to continue, or q <return> to quit---
So in mine the call is at main+51, not main+70.
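The two numbers in the question (132 from the A's/B's test, 136 from `pattern offset` on `x/s $esp`) are both consistent with the frame that this disassembly describes, and a script that reads the frame layout straight off the dump makes that visible. The following is an added example written for this answer; it is not code from the question, from the walkthroughs, or from OverTheWire. It assumes a 32-bit cdecl binary (4-byte saved ebp and return address, arguments pushed right to left, so the last `lea eax,[ebp-0xNN]` before `call <strcpy@plt>` is the destination buffer) and treats `add esp,0xffffff80` as the prologue's `sub esp,0x80`. The dump embedded below is the relevant subset of the lines quoted in the question.

```python
import re

# Constructed sample input: the instructions from the question's gdb dump that
# determine the frame layout (prologue plus the strcpy call site).
GDB_DUMP = """
0x0804844b <+0>: push ebp
0x0804844c <+1>: mov ebp,esp
0x0804844e <+3>: add esp,0xffffff80
0x08048479 <+46>: push eax
0x0804847a <+47>: lea eax,[ebp-0x80]
0x0804847d <+50>: push eax
0x0804847e <+51>: call 0x8048310 <strcpy@plt>
"""

PTR = 4  # assumption: 32-bit build, so saved ebp and return address are 4 bytes each


def to_signed32(value):
    """Interpret a 32-bit immediate as two's complement (0xffffff80 -> -128)."""
    return value - (1 << 32) if value & 0x80000000 else value


def frame_size(dump):
    """Bytes reserved by the prologue: 'add esp,0xffffff80' is add esp,-128."""
    m = re.search(r"\b(add|sub) esp,(0x[0-9a-f]+)", dump)
    if not m:
        return None
    imm = to_signed32(int(m.group(2), 16))
    return -imm if m.group(1) == "add" else imm


def strcpy_dest_disp(dump):
    """Displacement below ebp of the buffer handed to strcpy as destination.

    Assumed cdecl convention: the destination is pushed last, so the last
    'lea eax,[ebp-0xNN]' before the strcpy call names the buffer.
    """
    last = None
    for line in dump.splitlines():
        m = re.search(r"lea eax,\[ebp-(0x[0-9a-f]+)\]", line)
        if m:
            last = int(m.group(1), 16)
        if "<strcpy@plt>" in line:
            return last
    return None


def layout(dump):
    """Offsets, measured from the start of the buffer, of the things an
    over-long strcpy input runs into on its way up the stack."""
    buf = strcpy_dest_disp(dump)
    if buf is None:
        raise ValueError("no strcpy destination found in dump")
    return {
        "frame_bytes": frame_size(dump),        # space the prologue reserved
        "buffer_bytes": buf,                    # buffer sits at ebp-buf .. ebp-1
        "saved_ebp_offset": buf,                # saved ebp lives at [ebp]
        "return_addr_offset": buf + PTR,        # [ebp+4]: the 4 B's in the question
        "esp_after_ret_offset": buf + 2 * PTR,  # where esp points once ret has popped
    }


def explain(dump):
    """Human-readable summary tying the layout to the two measurements."""
    lo = layout(dump)
    return (
        f"buffer is {lo['buffer_bytes']} bytes, return address begins at offset "
        f"{lo['return_addr_offset']} (the A's/B's test), and after the crash "
        f"esp points at offset {lo['esp_after_ret_offset']} (what x/s $esp shows)"
    )


if __name__ == "__main__":
    print(explain(GDB_DUMP))
```

Running it against the quoted dump reports a 128-byte buffer with the return address at offset 132 and `$esp` at offset 136 after the faulting `ret`, which is exactly the pair of numbers in the question. A walkthrough that arrives at 140 (and at a `strcpy` call at `main+70`) was written against a binary compiled with a different layout; with this script, rerunning it on whatever `disassemble main` prints on the actual box gives the layout for that build rather than a figure copied from a write-up.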