  • Ethical Hacking

    Server-side attacks: code execution

    Let's first analyze the Zenmap scan result and search for known vulnerabilities in Samba smbd 3.x.

    We find the following vulnerability and try to use it: https://www.rapid7.com/db/modules/exploit/multi/samba/usermap_script

    Samba "username map script" Command Execution
    Disclosed: 05/14/2007
    Created: 05/30/2018
    Description
    This module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!
    
    Author(s): jduck <jduck@metasploit.com>
    Platform: Unix
    Architectures: cmd
    
    References
    CVE-2007-2447
    OSVDB-34700
    BID-23972
    http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534
    http://samba.org/samba/security/CVE-2007-2447.html
    Module Options
    To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
    
    msf > use exploit/multi/samba/usermap_script
    msf exploit(usermap_script) > show targets
        ...targets...
    msf exploit(usermap_script) > set TARGET < target-id >
    msf exploit(usermap_script) > show options
        ...show and set options...
    msf exploit(usermap_script) > exploit

    Open Metasploit and set the RHOST.

    Show payloads.

    Set payload.

    Set LHOST.

    Set LPORT.

    Exploit the target machine successfully.
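
A defensive check for the condition the module description states, added here as an example (not code from the original post, Rapid7 or Samba): it reports whether a host's Samba version falls in 3.0.20 through 3.0.25rc3 and whether `username map script` is set in the `[global]` section of smb.conf. The function names, status labels and sample configuration are assumptions constructed for illustration.

```python
import re

STAGE = {"pre": 0, "rc": 1}  # pre-releases sort below a final release (rank 2)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:(pre|rc)(\d+)|([a-z])(?![a-z]))?", re.I)

def parse_version(text):
    """Map '3.0.25rc3', '3.0.23d' or '3.0.20-Debian' to a sortable tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {text!r}")
    base = tuple(int(g) for g in m.group(1, 2, 3))
    if m.group(4):  # 3.0.25rc3 -> stage 1, number 3
        return base + (STAGE[m.group(4).lower()], int(m.group(5)))
    # Letter releases (3.0.23d) sort after the plain final release.
    return base + (2, ord(m.group(6).lower()) - 96 if m.group(6) else 0)

# Affected range exactly as stated in the module description.
LOW, HIGH = parse_version("3.0.20"), parse_version("3.0.25rc3")

def version_in_range(text):
    return LOW <= parse_version(text) <= HIGH

def username_map_script(conf_text):
    """Return the [global] 'username map script' value, or None if unset."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, val = line.partition("=")
        # Samba matches parameter names ignoring case and embedded whitespace.
        name = re.sub(r"\s+", "", key).lower()
        if sep and section == "global" and name == "usernamemapscript":
            value = val.strip() or None
    return value

def audit(version, conf_text):
    in_range, script = version_in_range(version), username_map_script(conf_text)
    if in_range:
        # Distro backports can fix a build without changing its version string.
        return "EXPOSED" if script else "UPGRADE"
    return "REVIEW" if script else "OK"

# Constructed sample configuration (not taken from the page).
SAMPLE_CONF = "[global]\n  workgroup = WORKGROUP\n  Username Map Script = /opt/map.sh\n"
```

`audit("3.0.20-Debian", SAMPLE_CONF)` returns `"EXPOSED"`; `"UPGRADE"` means the build is in the affected range but the option is unset, and `"REVIEW"` means the option is set on a build outside the range.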

  • Original article: https://www.cnblogs.com/keepmoving1113/p/12080810.html