Tags: pwn crypto 

Summary:

* The padding check accepts anything that decrypts to `00 02 xx xx .. xx 00`
* `make_executable` marks the ciphertext as executable as well

Build a ciphertext of the form `90 90 .. 90 <shellcode> <padding>`, such that it decrypts to `00 02 xx .. xx 00 eb XX ...`, where `eb XX` is a near jump that lands in the NOP sled.
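A block-type-02 padding check of the kind the summary describes, written out as an added example (it is not the challenge's code and not from the original writeup; `unpad_type2` and `decode_sample` are hypothetical names, and the sample blocks are constructed). It follows the EME-PKCS1-v1_5 decoding rule from RFC 8017 and shows that a block shaped `00 02 xx .. xx 00 eb XX` passes, because the padding format says nothing about who produced the bytes after the separator.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: EME-PKCS1-v1_5 (block type 02) decoding per RFC 8017,
 * section 7.2.2. Returns the offset of the message inside em, or -1.
 * Not constant-time; a production decoder must not leak which check failed. */
long unpad_type2(const uint8_t *em, size_t len)
{
    if (len < 11 || em[0] != 0x00 || em[1] != 0x02)
        return -1;
    size_t i = 2;
    while (i < len && em[i] != 0x00)   /* PS: non-zero filler bytes */
        i++;
    if (i == len)                      /* no 00 separator found */
        return -1;
    if (i - 2 < 8)                     /* PS must be at least 8 bytes */
        return -1;
    return (long)(i + 1);              /* first byte after the separator */
}

/* Constructed sample: 00 02 <ps_len filler bytes> [00] eb 10, then decode.
 * ps_len must stay below 58 so the block fits in the buffer. */
long decode_sample(size_t ps_len, int with_separator)
{
    uint8_t em[64] = {0x00, 0x02};
    size_t n = 2;
    for (size_t k = 0; k < ps_len; k++)
        em[n++] = 0x41;
    if (with_separator)
        em[n++] = 0x00;
    em[n++] = 0xeb;                    /* payload bytes, shape from the summary */
    em[n++] = 0x10;
    return unpad_type2(em, n);
}

int main(void)
{
    printf("10-byte PS, separator : %ld\n", decode_sample(10, 1));
    printf(" 8-byte PS, separator : %ld\n", decode_sample(8, 1));
    printf(" 7-byte PS, separator : %ld\n", decode_sample(7, 1));
    printf("10-byte PS, no 00     : %ld\n", decode_sample(10, 0));
    return 0;
}
```

Passing this check only means the bytes have the right shape. Whether the payload may be run needs a separate integrity check, and only the verified plaintext, never the ciphertext buffer, should be mapped executable.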

Original writeup (http://de298.user.srcf.net/posts/writeups/overthewire/naughty.html).