
Showing posts from June, 2019

Exploit Development Windows Part - 5

Writing the Exploit for the Discovered Vulnerability

In exploit development, the execution flow of the vulnerable application depends on the return address held on the stack, so if you cannot get hold of the stack pointer, all your efforts will be useless.

Finding Pointers

Finding the exact position at which the EIP register is overwritten within the 1000 "A"s (the 1000-byte buffer we sent) is called "determining the offset".

To find the EIP offset, we go back to Metasploit for help. We quickly generate a set pattern with Metasploit and repeat the fuzzing, but this time we send the pattern instead of 1000 "A"s, and then use Metasploit again to find the offset for us.

[Figure: Creating a pattern with Metasploit.]

We will now use this pattern and fuzz the server again. Once the crash is reproduced, EIP will hold four bytes taken from this 1000-byte pattern.

At this stage, our fuzzer will now
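To make the offset step concrete, here is an added example (not code from the original post, and not Metasploit's own scripts) that builds a cyclic pattern in the same Aa0Aa1... style and looks up the four bytes found in EIP after the crash, either as the ASCII shown in the debugger or as the little-endian register value; the sample values Aa1A and 0x41316141 are constructed for the demonstration.

```python
import struct
from string import ascii_uppercase, ascii_lowercase, digits


def pattern_create(length: int) -> bytes:
    """Build a non-repeating pattern in the pattern_create.rb style:
    Aa0Aa1...Aa9Ab0Ab1...  Each 3-byte (upper, lower, digit) group is unique
    within the first 20280 bytes, so any 4-byte window identifies one offset."""
    out = bytearray()
    for upper in ascii_uppercase:
        for lower in ascii_lowercase:
            for digit in digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("requested length exceeds the unique pattern space")


def pattern_offset(pattern: bytes, value) -> int:
    """Return the offset of the 4 bytes seen in EIP, or -1 if not found.

    `value` is either the bytes as shown in the debugger's ASCII view
    (b'Aa1A') or the 32-bit register value (0x41316141). x86 is
    little-endian, so a register value is unpacked with '<I' first."""
    needle = struct.pack("<I", value) if isinstance(value, int) else bytes(value)
    return pattern.find(needle)


def has_unique_windows(pattern: bytes, width: int = 4) -> bool:
    """Sanity check: every 4-byte window must be unique, otherwise the
    offset reported from EIP would be ambiguous."""
    windows = {pattern[i:i + width] for i in range(len(pattern) - width + 1)}
    return len(windows) == len(pattern) - width + 1


if __name__ == "__main__":
    pat = pattern_create(1000)            # same size as the 1000 "A" buffer
    print(pat[:40].decode())              # Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3
    print(pattern_offset(pat, 0x41316141))  # constructed EIP value -> 3
```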