There are two programs, bomb.c and server.c.

The program bomb.c runs locally and accepts input on stdin. It should
be straight forward to exploit.

The program server.c is a network server that listens for input on
port 1337. Exploiting this program will take some more effort.

There are three versions compiled for each program:
_nx_ : Non executable stack (NX) and _nonx_ with executable stack.
_can_ : With stack canaries and _nocan_ without canaries.

*_nonx_nocan is the easiest to exploit.
*_nx_nocan is trickier, but shouldn't be impossible.(1)
*_nx_can is hard. Might be impossible.

(1) If libc is in ASCII armored memory space. I.e. mapped into
 addresses containing a 0-byte. Then the _nx_ versions are much harder
 (impossible?) to exploit.

Run make aslr-off to turn off ASLR (duh!). Turn it back on with make
aslr-on. You will have to be root to do this.

Exploiting with ASLR turned on is really, really hard.

Don't forget to set up a firewall before experimenting with
this. Block (at least) port 1337.

The helper program wheres_the_stack_at can be run to get a hint on
where the stack will be for your program. By running it multiple
times it can also be used to verify that you have turned ASLR on or
off.