Reconnaissance
Enumeration
Exploitation
Linux Privilege Escalation with Metasploit
________________________________________
Reconnaissance
Run the nmapAutomator.sh script to automate all of the process of recon/enumeration.
We can see there are 4 pots open port 21, 22, 139 & 445
Enumeration
After some try we found port 445 Samba 3.0.20 is Vulnerable. Simple Google search gives us python script to exploit this vulnerability.
Lets download this script
Exploitation
Now run the script and get the root shell
We need to run python command to Spawn a tty shell. User Flag is in “/home/makis” directory and root flag is in “/” directory
Linux Privilege Escalation with Metasploit
We can exploit this vulnerability with Metasploit also, lets fire up msfconsole and search Samba 3.0.20 we will find this exploit “exploit/multi/samba/usermap_script”
lets configure it and run the exploit