Metasploit mailing list archives
Re: smb_login and "security = share"
From: Nicob <nicob () nicob net>
Date: Sat, 13 Feb 2010 13:15:46 +0100
Hello, I found a patch for this bug. In simpleclient.rb : - modify connect() to receive an additional argument 'pass' - transmit this argument to tree_connect() which already accept an optional password def connect(share, pass = '') print "In simpleclient.connect() [modified]\n" ok = self.client.tree_connect(share, pass) In samba_symlink_traversal.rb : - modify the call to connect() in order to user the password from the datastore self.simple.connect( "\\\\#{rhost}\\#{datastore['SMBSHARE']}", datastore['SMBPass']) This works with "user" or "share" security settings : [*] Connecting to the server... In simpleclient.connect() [modified] In client.tree_connect() : pass = [*] Trying to mount writeable share 'NAS'... In simpleclient.connect() [modified] In client.tree_connect() : pass = tototo [*] Trying to link 'escape' to the root filesystem... [*] Now access the following share to browse the root filesystem: [*] \\127.0.0.1\NAS\escape\ Nicob _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- smb_login and "security = share" Nicob (Feb 11)
- Re: smb_login and "security = share" HD Moore (Feb 11)
- Re: smb_login and "security = share" Nicob (Feb 11)
- Re: smb_login and "security = share" Nicob (Feb 13)
- Re: smb_login and "security = share" HD Moore (Feb 11)