Metasploit mailing list archives
Re: smb_login and "security = share"
From: Nicob <nicob () nicob net>
Date: Fri, 16 Apr 2010 10:42:34 +0200
Le jeudi 11 février 2010 à 17:52 -0600, HD Moore a écrit :
Thanks Nicob! I should be able to sort it out this evening, likely just a wrong flag set somewhere while in 'guest' mode.
I thought that version 9086 would solve this problem : http://www.metasploit.com/redmine/projects/framework/repository/revisions/9086 But exploiting the Samba symlink attack when the "security" option is set to "share" (instead of "user") still doesn't work. My proposed patch (from 13/02/2010) : In simpleclient.rb : - modify connect() to receive an additional argument 'pass' - transmit this argument to tree_connect() which already accept an optional password def connect(share, pass = '') print "In simpleclient.connect() [modified]\n" ok = self.client.tree_connect(share, pass) In samba_symlink_traversal.rb : - modify the call to connect() in order to user the password from the datastore self.simple.connect( "\\\\#{rhost}\\#{datastore['SMBSHARE']}", datastore['SMBPass']) Regards, Nicob _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Re: smb_login and "security = share" Nicob (Apr 16)