This bug isn't always successful because it relies on some things that you can't control. The memory in which NOPs & shellcode are allocated through prompt() calls isn't fixed, but it's always over 0x00600000. In order to exploit the bug you have to overwrite 0x006F005B with NOPs, but sometimes prompt...
Anonymous