Shulou(Shulou.com)05/31 Report--

How to reproduce the Samba remote code execution vulnerability CVE-2017-7494, I believe many inexperienced people are at a loss about this. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

Introduction to 0x00

Samba is a free software that implements SMB protocol on Linux and UNIX systems, which is composed of server and client programs. SMB (Server Messages Block, Information Service Block) is a communication protocol for sharing files and printers on the LAN. It provides sharing services for files, printers and other resources between different computers in the LAN. SMB protocol is a client / server protocol, through which clients can access shared file systems, printers, and other resources on the server. By setting "NetBIOS over TCP/IP", Samba can share resources not only with LAN hosts, but also with computers around the world.

Overview of 0x01 vulnerabilities

Samba released version 4.6.4 on May 24th, 2017, in which a serious remote code execution vulnerability was fixed. The vulnerability number is CVE-2017-7494. The vulnerability affects all versions after Samba 3.5.0 to 4.6.4Universe 4.5.10Universe 4.4.14. It is confirmed to be a serious vulnerability that can cause remote code execution.

0x02 affects access

The intermediate version of Samba 3.5.0 to 4.6.4Accord 4.5.10 Accord 4.4.14.

It should be understood as: all versions of Samba after 3.5.0 fixed this vulnerability in 4.6.4Accord 4.5.10Accord 4.4.14.

0x03 environment building

Victim: Ubuntu14.04 Samba version: 4.1.6 IP:192.168.3.12

Attack plane: kali IP:192.168.3.6

1. Use the command to install samba on ubuntu

Apt-get install samba

two。 After the installation is complete, use the following command to view the version

/ usr/sbin/samba-V

3. Create a shared directory after installation and give write permission

Mkdir / home/share

Chmod 777 / home/share

4. Then modify the configuration file / etc/samba/smb.conf and add the following at the end of the configuration file:

[myshare]

Comment=smb share test

Browseable=yes # readable

Writeable=yes # writable

Path=/home/share # set directory (the shared directory created in the previous step)

Public = yes # allows anonymous login

5. Start the service after configuration is complete

Service smbd start / / start

Recurrence of 0x04 vulnerabilities

1. Use nmap scan to see which services are enabled

Nmap-p445-sV 192.168.3.12

two。 Use metasploit in kali to search for the vulnerability number

Search 2017-7494

3. Then select this exp and configure IP

Use 0

4. After the configuration is completed, run or use exploit to execute, and you can see that the shell is taken down.

0x05 repair recommendation

1. It is recommended that you upgrade to the latest version or use one of the versions of 4.6.4swap 4.5.10tick 4.4.14.

After reading the above, have you mastered how to reproduce the Samba remote code execution vulnerability CVE-2017-7494? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.