
Ethical Hacking - GAINING ACCESS(3)

Posted: 2019-12-22 21:18:02

Server-side attacks: code execution

Let's analyze the Zenmap scan result first and search for known vulnerabilities in Samba smbd 3.x.


We find the following vulnerability and try to use it: https://www.rapid7.com/db/modules/exploit/multi/samba/usermap_script

Samba "username map script" Command Execution
Disclosed: 05/14/2007
Created: 05/30/2018

Description
This module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!

Author(s): jduck <jduck@metasploit.com>
Platform: Unix
Architectures: cmd

References
CVE-2007-2447
OSVDB-34700
BID-23972
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534
http://samba.org/samba/security/CVE-2007-2447.html
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/samba/usermap_script
msf exploit(usermap_script) > show targets
    ...targets...
msf exploit(usermap_script) > set TARGET < target-id >
msf exploit(usermap_script) > show options
    ...show and set options...
msf exploit(usermap_script) > exploit

Open Metasploit and set the RHOST.

Show payloads.

Set payload.

Set LHOST.

Set LPORT.

Exploit the target machine successfully.
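
The module description quoted above names two conditions for exposure: a Samba version from 3.0.20 through 3.0.25rc3 and the non-default "username map script" option being set. The following audit check for both is an added example, not part of the original post or of Metasploit; the function names, the sample smb.conf and the script path in it are constructed for illustration.

```python
import re

# Affected range as stated in the module description quoted above.
LOW, HIGH = "3.0.20", "3.0.25rc3"
_STAGE = {"pre": 0, "rc": 1}  # pre-releases sort before the final release
_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:(pre|rc)(\d+)|([a-z]))?")

def version_key(text):
    """Turn '3.0.25rc3' or a banner like 'Samba 3.0.20-Debian' into a sortable tuple."""
    m = _VER.search(text)
    if not m:
        raise ValueError(f"no Samba version in {text!r}")
    major, minor, patch, stage, num, letter = m.groups()
    if stage:                                   # e.g. 3.0.25pre1, 3.0.25rc3
        tail = (_STAGE[stage], int(num))
    else:                                       # e.g. 3.0.25 or lettered 3.0.23d
        tail = (2, ord(letter) - ord("a") + 1 if letter else 0)
    return (int(major), int(minor), int(patch)) + tail

def in_affected_range(text):
    return version_key(LOW) <= version_key(text) <= version_key(HIGH)

def username_map_script(conf_text):
    """Return the 'username map script' value from smb.conf text, or None."""
    joined = re.sub(r"\\\r?\n", "", conf_text)   # a trailing backslash continues a line
    found = None
    for line in joined.splitlines():
        line = line.strip()
        # Skip blanks, comments and section headers; simplification: every
        # section is scanned, although the option is a global one.
        if not line or line[0] in "#;" or line.startswith("[") or "=" not in line:
            continue
        name, value = line.split("=", 1)         # only the first '=' separates name and value
        # smb.conf ignores case and whitespace inside parameter names
        if re.sub(r"\s+", "", name).lower() == "usernamemapscript":
            found = value.strip() or None        # keep the last occurrence seen
    return found

def audit(banner, conf_text):
    script = username_map_script(conf_text)
    return {"version_in_range": in_affected_range(banner),
            "map_script": script,
            "exposed": in_affected_range(banner) and script is not None}

# Constructed sample input, not taken from the page.
SAMPLE_CONF = "[global]\n  workgroup = LAB\n  Username Map  Script = /etc/samba/scripts/mapusers.sh\n"
print(audit("Samba 3.0.20-Debian", SAMPLE_CONF))
```

A host reported as exposed needs the option removed from smb.conf or Samba upgraded past the affected range.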


Original: https://www.cnblogs.com/keepmoving1113/p/12080810.html
