Metasploit mailing list archives

Re: smb_login and "security = share"


From: Nicob <nicob () nicob net>
Date: Fri, 16 Apr 2010 10:42:34 +0200

On Thursday 11 February 2010 at 17:52 -0600, HD Moore wrote:

> Thanks Nicob! I should be able to sort it out this evening, likely
> just a wrong flag set somewhere while in 'guest' mode.

I thought that version 9086 would solve this problem:
http://www.metasploit.com/redmine/projects/framework/repository/revisions/9086

But exploiting the Samba symlink attack when the "security" option
is set to "share" (instead of "user") still doesn't work.

My proposed patch (from 13/02/2010):

In simpleclient.rb:

- modify connect() to receive an additional argument 'pass'
- transmit this argument to tree_connect(), which already accepts an
optional password

        def connect(share, pass = '')
                print "In simpleclient.connect() [modified]\n"
                ok = self.client.tree_connect(share, pass)

In samba_symlink_traversal.rb:

- modify the call to connect() in order to use the password from the
datastore

        self.simple.connect(
                "\\\\#{rhost}\\#{datastore['SMBSHARE']}",
                 datastore['SMBPass'])

Regards,
Nicob

