I haven't tried this exploit but if you look through memory do you see any other areas that have an unbroken block of whatever character you are using to overflow the buffer? For example if you are usingdo you see anywhere in memory with 320 or more consecutive \x90 bytes?Code:rest = "\x90"*(21000)
If so it may be possible to use some creative jumps to hit this space. Or possibly look into egghunters.
This topic isn't really directly related to backtrack so your thread might get locked by one of the mods. Feel free to pm me if you want some help and I can try to find some time to play with this exploit.