Hi, I've been working on something for school where we need to take advantage of a few programs using buffer overflows to gain elevated privileges to some dummy accounts created in a directory. I got the first few working but am stumped on this program. Can anyone provide a few pointers on how exactly to go about doing this?

Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <fcntl.h>

#define MAX_ADDR_LEN 128

#define ADDR_LENGTH_OFFSET 4
#define ADDR_OFFSET 8

typedef unsigned char shsize_t;

typedef struct{
  char addr[MAX_ADDR_LEN];
  shsize_t len;
} arp_addr;

void
print_address(char *packet)
{
  arp_addr hwaddr;
  int i;

  hwaddr.len = (shsize_t) *(packet + ADDR_LENGTH_OFFSET);
  memcpy(hwaddr.addr, packet + ADDR_OFFSET, hwaddr.len);

  printf("Sender hardware address: ");
  for (i = 0; i < hwaddr.len - 1; i ++)
 printf("%02hhx::", hwaddr.addr[i]);
  printf("%02hhx\n", hwaddr.addr[hwaddr.len - 1]);  
  
  return;
}

int main(int argc, char *argv[])
{
  struct stat sbuf;
  char *packet;
  int fd;

  if (argc != 2){
    printf("Usage: %s <packet file>\n", argv[0]);
    return EXIT_FAILURE;
  }

  if ((stat(argv[1], &sbuf)) < 0){
    printf("Error opening packet fce\n");
    return EXIT_FAILURE;          
  }

  if ((fd = open(argv[1], O_RDONLY)) < 0){
    printf("Error opening packet file\n");
    return EXIT_FAILURE;
  }

  if ((packet = (char *)malloc(sbuf.st_size * sizeof(char))) == NULL){
    printf("Error allocating memory\n");
    return EXIT_FAILURE;
  }

  if (read(fd, packet, sbuf.st_size) < 0){
    printf("Error reading packet from file\n");
    return EXIT_FAILURE;
  }
  close(fd);
  print_address(packet);
  free(packet);
  return EXIT_SUCCESS;
}