Topic: "ABO2" (page 1 of 1)

leben
OK! That's it! I give up!
How the heck do you exploit the advanced buffer overflow (abo2.txt) in the vulnerable code section?

/* abo2.c                                                   *
 * specially crafted to feed your brain by gera@core-sdi.com */

/* This is a tricky example to make you think               *
 * and give you some help on the next one                   */

#include <string.h>   /* strcpy (header not in the original listing) */
#include <stdlib.h>   /* exit   (header not in the original listing) */

/* Note gera's deliberate swap: argv is the count, argc the vector. */
int main(int argv, char **argc) {
	char buf[256];

	strcpy(buf, argc[1]);   /* unbounded copy: overflows buf[256] */
	exit(1);                /* process ends here; main never returns */
}


There's no return address it uses; exit(1) causes that because ret is never reached! There's nothing under the buf local variable at the time that it is written.
I'm running WinXP btw - I do have Fedora Core but FC has protections that work against me in my learning.
unknown user
If you are on Linux remember to do

echo -n "0" > /proc/sys/kernel/randomize_va_space

On Windows XP you want to overwrite the SEH record

and make it crash in some way.
matrixman
Hello leben,

abo2 is not exploitable on the x86 architecture because, as you already found out, the function does not return, so you can't overwrite any ret address (at least I can't think of any method).
For other architectures where the stack grows from low to high it is possible to overwrite the strcpy() to exploit it.

Greets
matrixman
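An added example for the point both posts above make (this is not from the original thread and not gera's code): a userland model of the frame that abo2's main() gets on 32-bit x86 with no stack protector, so you can see which slot strcpy(buf, argc[1]) reaches for a given argument length without corrupting a real stack. The frame layout (buf, then saved ebp, return address, argc, argv at increasing addresses), the marker values and the payloads are assumptions constructed for illustration.

```c
/* Model of abo2's main() frame on 32-bit x86 (assumed layout, no canary).
 * The overflow is replayed into this struct instead of the real stack. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256

struct frame {
    char     buf[BUF_SIZE];  /* char buf[256] in abo2.c, lowest address   */
    uint32_t saved_ebp;      /* pushed by main's prologue                 */
    uint32_t ret;            /* return address into __libc_start_main     */
    uint32_t argc;           /* main's first argument (the count)         */
    uint32_t argv;           /* main's second argument (the pointer)      */
};

/* Constructed marker values so a clobbered slot is easy to recognise. */
#define EBP_MARK  0xbffff000u
#define RET_MARK  0x08048400u
#define ARGC_MARK 2u
#define ARGV_MARK 0xbffff100u

enum slot { SLOT_BUF, SLOT_SAVED_EBP, SLOT_RET, SLOT_ARGC, SLOT_ARGV, SLOT_BEYOND };

/* Which slot receives the last byte of a copy of n bytes (payload + NUL)? */
enum slot slot_reached(size_t n)
{
    if (n <= offsetof(struct frame, saved_ebp)) return SLOT_BUF;
    if (n <= offsetof(struct frame, ret))       return SLOT_SAVED_EBP;
    if (n <= offsetof(struct frame, argc))      return SLOT_RET;
    if (n <= offsetof(struct frame, argv))      return SLOT_ARGC;
    if (n <= sizeof(struct frame))              return SLOT_ARGV;
    return SLOT_BEYOND;
}

/* Replay strcpy(buf, argc[1]) on a fresh frame: copies the payload and the
 * terminating NUL, as strcpy does (an embedded NUL ends the copy early),
 * but clamps at the model's end so the real stack stays intact. */
struct frame frame_after(const char *payload)
{
    struct frame f;
    memset(f.buf, 0, BUF_SIZE);
    f.saved_ebp = EBP_MARK;
    f.ret       = RET_MARK;
    f.argc      = ARGC_MARK;
    f.argv      = ARGV_MARK;

    size_t n = strlen(payload) + 1;
    if (n > sizeof f) n = sizeof f;
    memcpy((unsigned char *)&f, payload, n);
    return f;
}

int main(void)
{
    /* Constructed argument: 256 bytes of padding, 4 bytes for the saved
     * ebp and 4 bytes for the return address, as argc[1] would carry. */
    char payload[BUF_SIZE + 8 + 1];
    memset(payload, 'A', BUF_SIZE);
    memcpy(payload + BUF_SIZE, "BBBB", 4);
    memcpy(payload + BUF_SIZE + 4, "CCCC", 4);
    payload[BUF_SIZE + 8] = '\0';

    struct frame f = frame_after(payload);
    printf("copy of %zu bytes ends in slot %d\n",
           strlen(payload) + 1, (int)slot_reached(strlen(payload) + 1));
    printf("saved ebp=0x%08x ret=0x%08x argc=0x%08x argv=0x%08x\n",
           f.saved_ebp, f.ret, f.argc, f.argv);
    /* ret now holds 0x43434343, but abo2 never executes a ret: exit(1)
     * runs first, so the overwritten slot is never consumed. */
    return 0;
}
```

A 264-byte argument does reach the return-address slot in this model, which is exactly the slot that is useless in abo2 because exit(1) runs before any ret; the terminating NUL that strcpy appends lands one byte further, which is why the argc slot also changes for that length.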