| smb-vuln-cve-2017-7494:
| VULNERABLE:
| SAMBA Remote Code Execution from Writable Share
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2017-7494
| Risk factor: HIGH CVSSv3: 7.5 (HIGH) (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
| All versions of Samba from 3.5.0 onwards are vulnerable to a remote
| code execution vulnerability, allowing a malicious client to upload a
| shared library to a writable share, and then cause the server to load
| and execute it.
$ nmap -p 139,445 --script=smb-enum-shares.nse,smb-enum-users.nse 192.168.71.76
Starting Nmap 7.91 ( https://nmap.org ) at 2021-08-13 14:00 PDT
Nmap scan report for 192.168.71.76
Host is up (0.073s latency).
PORT STATE SERVICE
139/tcp open netbios-ssn
445/tcp open microsoft-ds
Host script results:
| smb-enum-shares:
| account_used: guest
| \\192.168.71.76\IPC$:
| Type: STYPE_IPC_HIDDEN
| Comment: IPC Service (photographer server (Samba, Ubuntu))