IMCAFS

Home

msf replication samba remote code execution vulnerability - immediate security

Posted by lipsius at 2020-03-23
all

1. Use docker to build (Linux? Samba)

After downloading, let's confirm whether docker Samba has been successfully opened:

2.Exploit_CVE-2017-7494(msf-ruby)

Cve-2017-7494 Download: https://github.com/hdm/metasploit-framework/blob/0520d7cf76f8e5e654cb60f157772200c1b9e230 / modules / exploits / Linux / Samba / is_known_pipename.rb

Copy the ruby script to Kali's directory / usr / share / Metasploit framework / modules / exploits / Linux / Samba /

Start msfconsole and choose to use the is? Known? Pipename module:

Use the options option to view the parameters we need to set:

We can see that we only need to set the target IP.

Set target IP:

Exploit:

Verify that the vulnerability was successfully exploited:

As you can see, we have successfully obtained the root permission of the target.

Video presentation: