LINUX - SAMBA
- Layout for this exercise:
- The attacker scans the victim's machine for open ports and services using Nmap:
- On port 139 the victim is running Samba, a file-sharing service that in this case suffers from a vulnerability. Metasploit provides the usermap_script exploit to take advantage of that vulnerability:
- Let's set the payload to cmd/unix/reverse:
- Required options include remote host (victim) and local host (attacker):
- Setting remote host's IP:
- Setting attacker's IP:
- Launching the exploit results in a remote shell that allows post-exploitation of the victim:
- For instance, from the remote shell the contents of both /etc/passwd and /etc/shadow can be read:
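
A defensive check for the issue this walkthrough relies on, added here as an example that is not part of the original page: the usermap_script module only works against Samba servers whose smb.conf sets the non-default `username map script` option, so this Python code parses a config and reports where that option is enabled. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample smb.conf for illustration (not taken from the original page).
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP
   ; commented out: username map script = /bin/true
   Username Map  Script = /etc/samba/scripts/mapusers.sh \\
        --lookup
   security = user

[tmp]
   path = /tmp
   read only = no
"""

def normalize(name):
    """smb.conf section and parameter names ignore case and whitespace."""
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {parameter: value}}, handling comments and line continuations."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):           # trailing backslash: join with the next line
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(normalize(line[1:-1]), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[normalize(key)] = value.strip()
    return sections

def find_username_map_script(text):
    """Return (section, value) pairs where 'username map script' is set to a non-empty value."""
    hits = []
    for section, params in parse_smb_conf(text).items():
        value = params.get("usernamemapscript", "")
        if value:
            hits.append((section, value))
    return hits

if __name__ == "__main__":
    for section, value in find_username_map_script(SAMPLE_CONF):
        print(f"[{section}] username map script = {value}")
```

On a host where this reports a hit, removing the option (or upgrading Samba to a fixed release) closes the path the exploit uses.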