Samba is a software package that gives network administrators flexibility and freedom in terms of setup, configuration, and choice of systems and equipment.
Goal: Exploit the SMB (Server Message Block) service on port 139 and port 445 of a Metasploitable server.
Using msfconsole
This is quite easy to set up and launch in the Metasploit Framework. Let's run it on ParrotSec OS.
Once the framework starts, input the search command:
In the 8th position, you can see an exploit whose rank is excellent. Now use this exploit and set the variables:
If everything is OK, run the exploit command:
The exploit works fine, but this way you never gain any knowledge. The best way to practice hacking is to find your own way.
Exploit SMB without MSF Framework
This process is the best one for newbies. Follow the steps below to gain access to the server:
Step 1: Using smbclient
smbclient is quite similar to an FTP client. It is a useful tool for testing connectivity to a Windows share, and it can be used to transfer files or to look at share names.
Use the help command to verify whether smbclient is installed:
Use smbclient to check for anonymous access:
Note: If you get a protocol negotiation error, see the article "SMB Client - STATUS_CONNECTION_DISCONNECTED".
If smbclient prompts you for a password, just leave it blank and press Enter:
Step 2: Attack using Netcat
Since we know that the "tmp" directory is present, we are going to try to make a reverse connection:
Let's open a new terminal and run Netcat to accept a reverse connection:
Let's access the tmp directory on the Samba server using the command below:
Type the help command to find out whether the logon command is available:
Since the logon command is there, we can make a reverse connection using the command below:
After successful command injection, you will get a reverse shell in Netcat:
Step 3: Terminal View
Type the following command to get a terminal view from the shell:
I think you now have an idea of how to perform a Samba attack.
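For the defender's side of Steps 1 and 2, the sketch below audits an smb.conf for the conditions this walkthrough relies on: guest (anonymous) access to a writable share such as tmp, and an external program that is run with the client-supplied username at logon. It is an added example, not part of the original post; the sample configuration is constructed, and tying the Step 2 injection to the `username map script` parameter is an assumption the page does not state.

```python
import re

# Constructed smb.conf for illustration; not taken from the page or its target.
SAMPLE_CONF = """\
[global]
   map to guest = Bad User
   username map script = /usr/local/bin/mapusers.sh
[tmp]
   guest ok = yes
   read only = no
[docs]
   public = no
   writable = yes
"""
TRUE = {"yes", "true", "on", "1"}

def parse_conf(text):
    """Return {section: {parameter: value}} with names lower-cased."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def is_true(params, *names):
    return any(params.get(n, "").lower() in TRUE for n in names)

def audit(conf):
    """Return (section, finding) tuples for guest access and logon-time scripts."""
    findings, g = [], conf.get("global", {})
    if g.get("map to guest", "never").lower() != "never":
        findings.append(("global", "failed logons can be mapped to guest"))
    if g.get("username map script"):  # assumption: the Step 2 injection path
        findings.append(("global", "external program runs with client-supplied username"))
    for name, p in conf.items():
        if name != "global" and is_true(p, "guest ok", "public"):
            rw = is_true(p, "writable", "writeable", "write ok") \
                or p.get("read only", "yes").lower() not in TRUE
            findings.append((name, "guest-writable share" if rw else "guest-readable share"))
    return findings
```

Calling `audit(parse_conf(open("/etc/samba/smb.conf").read()))` on a server returns one tuple per finding; an empty list means none of these three conditions is present.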