x1`
OK, I thought I would start to learn exploiting and such, and wanted to know as much as possible.
Anyway, I want to know something about converting hex shellcode back to asm.

Example:

"\xEB\x10\x5B\x4B\x33\xC9\x66\xB9\x25\x01\x80\x34\x0B\x99\xE2\xFA"

=

EB 10 5B 4B 33 C9 66 B9 25 01 80 34 0B 99 E2 FA

Then open it with a program debugger called Olly, paste it into the hex window,
find the offset lines, and it says in asm:

00400850 EB 10 JMP SHORT 3in1.00400862
00400852 5B POP EBX
00400853 4B DEC EBX
00400854 33C9 XOR ECX,ECX
00400856 66:B9 2501 MOV CX,125
0040085A 80340B 99 XOR BYTE PTR DS:[EBX+ECX],99
0040085E ^E2 FA LOOPD SHORT 3in1.0040085A

What I want to know is, when you try to find a buffer overflow, do you open the exe you're trying to exploit with the debugger?
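As an added example (not code from the original post), here is a small Python script that parses the escaped hex string above into bytes and decodes just the seven instructions in that stub, reproducing the Olly listing; the base address 00400850 is taken from the listing, and the decoder only knows the opcodes that occur in this sample.

```python
import re

# Constructed sample: the escaped string quoted in the post above.
SAMPLE = r"\xEB\x10\x5B\x4B\x33\xC9\x66\xB9\x25\x01\x80\x34\x0B\x99\xE2\xFA"
BASE = 0x00400850  # load address shown in the Olly listing


def shellcode_to_bytes(escaped):
    """Turn a C-style "\\xEB\\x10..." string into raw bytes."""
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9A-Fa-f]{2})", escaped))


def disassemble(code, base=BASE):
    """Minimal 32-bit x86 decoder that knows only the opcodes in this stub.
    Returns [(address, hex bytes, mnemonic), ...] in Olly's style."""
    out, i = [], 0
    while i < len(code):
        op, addr = code[i], base + i
        nxt = code[i + 1] if i + 1 < len(code) else None
        if op == 0xEB:                      # EB rel8: JMP SHORT, target = next instr + rel
            rel = int.from_bytes(code[i + 1:i + 2], "little", signed=True)
            n, text = 2, f"JMP SHORT {addr + 2 + rel:08X}"
        elif op == 0x5B:
            n, text = 1, "POP EBX"
        elif op == 0x4B:
            n, text = 1, "DEC EBX"
        elif op == 0x33 and nxt == 0xC9:    # 33 /r with ModRM C9 (mod=11, reg=ECX, rm=ECX)
            n, text = 2, "XOR ECX,ECX"
        elif op == 0x66 and nxt == 0xB9:    # 66 = 16-bit operand prefix, B9 = MOV CX, imm16
            imm = int.from_bytes(code[i + 2:i + 4], "little")
            n, text = 4, f"MOV CX,{imm:X}"
        elif op == 0x80 and nxt == 0x34 and code[i + 2] == 0x0B:
            # 80 /6 ib with ModRM 34 (SIB follows) and SIB 0B (base=EBX, index=ECX)
            n, text = 4, f"XOR BYTE PTR DS:[EBX+ECX],{code[i + 3]:X}"
        elif op == 0xE2:                    # E2 rel8: LOOP, decrements ECX and jumps while nonzero
            rel = int.from_bytes(code[i + 1:i + 2], "little", signed=True)
            n, text = 2, f"LOOPD SHORT {addr + 2 + rel:08X}"
        else:
            raise ValueError(f"opcode {op:02X} at {addr:08X} not handled by this toy decoder")
        out.append((addr, code[i:i + n].hex().upper(), text))
        i += n
    return out


if __name__ == "__main__":
    for addr, raw, text in disassemble(shellcode_to_bytes(SAMPLE)):
        print(f"{addr:08X} {raw:<10} {text}")
```

x86 is variable-length, so a decoder must consume exactly the right number of bytes per instruction; one wrong length desynchronises everything after it, which is why it pays to read the raw opcode bytes next to the mnemonics in Olly rather than trusting the mnemonics alone.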
z0mbi3
I'm no pro, but...

First you attach the process to Olly and try to blast the program to pieces.

For example, if you're testing an ftpd, then try:

user AAAAA......................
pass AAAAA......................

and so on, going from 4 to 100000 or something, and see if you overwrite the EIP.

Take another example:

Say you overflow with 1004 A's and were able to overwrite the EIP.
Now start adding 4 B's and you'll see in Olly that BBBB starts showing up on the stack (where the ESP is).
So you could write up:
<1000xA><jmp address><\x90x10><shellcode>

jmp address being jmp esp (use findjmp.exe, somewhere in the forum, to find the address).

When the address overwrites the EIP, it will take you to where the ESP is, where your NOPs and shellcode are, so the shellcode executes.

Then you may go forward in your quest. :)