サーバサイドの攻撃コードの実行
さんはさせる。Zenmapは、最初の結果とSambaのsmbd 3.xのについて何かの脆弱性を検索スキャン分析してみましょう
我々は、次の脆弱性を発見し、それを使用するようにしてください。 https://www.rapid7.com/db/modules/exploit/multi/samba/usermap_script
Samba "username map script" Command Execution Disclosed 05/14/2007 Created 05/30/2018 Description This module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication! Author(s) jduck <[email protected]> Platform Unix Architectures cmd Development Source Code History References CVE-2007-2447 OSVDB-34700 BID-23972 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534 http://samba.org/samba/security/CVE-2007-2447.html Module Options To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced': msf > use exploit/multi/samba/usermap_script msf exploit(usermap_script) > show targets ...targets... msf exploit(usermap_script) > set TARGET < target-id > msf exploit(usermap_script) > show options ...show and set options... msf exploit(usermap_script) > exploit
Open Metasploit and set the RHOST.
Show payloads.
Set payload.
Set LHOST
Set LPORT.
Exploit the target machine sucessfully.