Samba

  • I first started by searching for exploits on Samba smbd 3.0.20-Debian.

  • It looks like exploit DB and metasploit contain information for exploiting this.

  • I'll give the metasploit exploit a try out.

  • After starting up the metasploit console, I'll search for Samba related exploits.

search samba
  • I'll use exploit #8 in the list as that is the one that matches up with what I found online on Rapid7

  • I'll then verify the exploit is the correct one.

info
  • It looks like the description matches up with the version I found online.

  • Next is to check the options and set them.

  • Looks like all I need to do is set the RHOSTS to my Host IP. Also check the LHOSTS to make sure it is correct.

set rhosts [Target IP]
  • Then let's run the exploit.

exploit

  • It should be that easy. Redirect to /root to find the root.txt

cat /root/root.txt

The root flag is: 47b8ec8b36d966e1cde25938161b5334

Last updated