We saw in the previous section that we were able to crash the application by supplying an arbitrary number of A characters. However, we've learned that to build a working exploit, we need to figure out the exact number of these characters. Metasploit's built-in tool, pattern_create, helps us do this in no time. It generates a pattern that can be supplied instead of the A characters and, based on the value that overwrote the EIP register, we can quickly figure out the exact number of bytes using its counterpart tool, pattern_offset. Let's see how we can do that:
We can see that running the pattern_create.rb script from ...
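To show why a unique pattern lets the overwritten EIP value be mapped back to a byte count, here is a small Ruby sketch of the same idea. It is an added example, not Metasploit's source code: the function names mirror the tools for readability, and `simulated_eip` with its 524-byte return-address slot is a constructed stand-in for the debugger reading.

```ruby
# Added illustration of the technique; not Metasploit's implementation.
UPPER  = ('A'..'Z').to_a
LOWER  = ('a'..'z').to_a
DIGITS = ('0'..'9').to_a
MAX_LEN = UPPER.size * LOWER.size * DIGITS.size * 3 # 20,280 bytes

# Build `length` bytes of upper/lower/digit triples: Aa0Aa1...Aa9Ab0...
# Every triple is distinct, so each 4-byte window occurs only once.
def pattern_create(length)
  raise ArgumentError, "length must be 0..#{MAX_LEN}" unless (0..MAX_LEN).cover?(length)
  out = String.new # binary string, one byte per character
  UPPER.each do |u|
    LOWER.each do |l|
      DIGITS.each do |d|
        return out[0, length] if out.size >= length
        out << u << l << d
      end
    end
  end
  out[0, length]
end

# Map the 32-bit value seen in EIP back to its offset in the pattern.
# x86 is little-endian: register value 0x41326341 was stored in memory
# as the bytes "Ac2A", and pack('V') restores that byte order.
def pattern_offset(eip_value, length)
  needle = [eip_value].pack('V')
  pattern_create(length).index(needle) # nil if the value is not from the pattern
end

# Constructed stand-in for the crash: the 4 bytes that land in the
# return-address slot, `ret_slot` bytes into the input, become EIP.
def simulated_eip(input, ret_slot)
  input.byteslice(ret_slot, 4).unpack1('V')
end

if __FILE__ == $PROGRAM_NAME
  pattern = pattern_create(1000)
  eip = simulated_eip(pattern, 524) # 524 is a made-up slot position
  puts format('EIP = 0x%08x -> offset %d', eip, pattern_offset(eip, 1000))
end
```

A `nil` result from `pattern_offset` means the register value did not come from the pattern at all, for example because the crash happened before the input reached the return address or the input was transformed on the way in.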