Friday, June 10, 2016

METASPLOIT - Linux - Samba


- Layout for this exercise:

- The attacker scans the victim's machine for open ports and services using Nmap:

- On port 139 the victim is running Samba, a file-sharing service that in this case suffers from a vulnerability. Metasploit provides the usermap_script exploit to take advantage of that vulnerability:

- Let's set the payload to cmd/unix/reverse:

- Required options include remote host (victim) and local host (attacker):

- Setting remote host's IP:

- Setting attacker's IP:

- Launching the exploit, the result is a remote shell that allows post-exploitation of the victim:

- For instance, from the remote shell the contents of both /etc/passwd and /etc/shadow can be read:
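
- Defender's view, as an added example that is not part of the original post: the usermap_script module targets Samba's handling of the `username map script` option in smb.conf, so a host can be audited for that setting. The sketch below parses a configuration using smb.conf's own rules (case and whitespace in parameter names are ignored, `;` and `#` start comments, a trailing backslash continues a line); the sample file and the function names are constructed for illustration.

```python
import re

# Constructed sample smb.conf, not taken from the original post.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   ; username map script = /bin/echo   (commented out, must be ignored)
   UserName  Map Script = /etc/samba/scripts/\\
mapusers.sh

[share]
   path = /srv/share
"""

def normalize(name):
    """smb.conf ignores case and all whitespace in section/parameter names."""
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {param: (lineno, value)}} following smb.conf line rules."""
    sections, current = {}, None
    pending, start = "", 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not pending:
            start = lineno                # remember where a logical line begins
        line = pending + raw.strip()
        if line.endswith("\\"):           # trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in ";#":   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(normalize(line[1:-1]), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)  # only the first '=' is significant
            current[normalize(name)] = (start, value.strip())
    return sections

def audit(text):
    """Report every section that sets the 'username map script' parameter."""
    findings = []
    for section, params in parse_smb_conf(text).items():
        if "usernamemapscript" in params:
            lineno, value = params["usernamemapscript"]
            findings.append((section, lineno, f"username map script = {value}"))
    return findings

if __name__ == "__main__":
    for section, lineno, detail in audit(SAMPLE_SMB_CONF):
        print(f"[{section}] line {lineno}: {detail}")
```

The parser does not follow `include` directives, so included files need to be audited separately.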