This repository has been archived by the owner on Apr 19, 2022. It is now read-only.
Hello!
I was trying to test your exploit, but I have found some problems.
The first one was related to impacket and the way the library handles slashes.
You can read more about this in this issue.
https://github.com/CoreSecurity/impacket/issues/308
Having in mind that you have a local version of impacket, I just # the line generating the problem and everything is working fine.
The second problem was:
https://marc.info/?l=samba-technical&m=132534986404085
In this commit from 2011 the samba team changed the entry point from init_samba_module to samba_init_module, so your exploit doesn't work on samba versions 3.5.* and 3.6.*.
The fix was also simple.
samba 3.5.10 / lx x86
samba 4.5.9 / lx x64
I also made some changes (and added new ones) to the arguments to make it more user-friendly.
--no-compile
This option will disable the compilation of implant.c. The reason for this one was that, if you are attacking a samba server from an x86 machine, the compilation script is going to create two x86 binaries, overwriting the current binaries. Using this option, you can compile your x64 binary on another machine and use your x86 machine to run the attack.
--port
Samba could have port 445 closed and you need to target port 139.
--old-version
Use the old entry point for samba .so. If this option is not used, the script will use the new entry point.
--custom-binary
Sometimes you need to use your own custom binary to be loaded on the server.
That's all, have a nice day. :)