SAMBA

First I Searched Metasploit for any exploits involing SAMBA and the googled each one to see what they did and for what verion.

--------------------------
msf > search samba
--------------------------



I used the (exploit/unix/misc/distcc_exec) exploit as i found online that this version of samba was vulnreble to it.
i set the RHOST and fired away

-----------------------------------------------------
msf > use (exploit/unix/misc/distcc_exec)
msf > set RHOST 10.0.2.15
msf > exploit
-----------------------------------------------------



The exploit got me a shell but i wasnt root instead i had deamon. Instead of trying to escalate my *privlidgeds* by finding a vulnrable prosses on the system i had a hunch that an exploit i had breafly read up on after finding this exploit would do the trick.


I did some more reasearch and found that I was right and this version of samba was vulnrebale to this exploit (exploit/multi/samba/usermap_script) and if sucssesful will reward you with root.
so I loaded the exploit in metasploit.

------------------------------------------------------------
msf > use exploit/multi/samba/usermap_script
------------------------------------------------------------

I then set the RHOST (Remote host) our target and fired away

---------------------------------
msf > set RHOST 1.0.2.15

msf > exploit
----------------------------------




The Exploit was succsesfull and opened a shell as root






How to fix it ?

Update Samba


www.000webhost.com