samba/CVE-2017-7494 Error reproducing exploit

[scmanjarrez]

提交issue前，请检查你本地的vulhub是否是最新版，否则可能存在一些由于时间问题导致而今已经修复的bug。

填写如下信息

• Which environment: 哪个环境出现BUG [e.g. python/ssti]: msf Framework: 6.0.5-dev Console : 6.0.5-dev

• Host OS: 操作系统 [e.g. Ubuntu] Distributor ID: Ubuntu 18.04.5 LTS

• OS Version: 操作系统版本 [e.g. 18.04]: 18.04

• Docker version: Docker 版本 [e.g. Docker version 18.04.0-ce, build 3d479c0] Docker version 19.03.12, build 48a66213fe

• Compose version: Docker-Compose 版本 [e.g. docker-compose version 1.22.0, build f46880f]: docker-compose version 1.25.4, build 8d51620a

• Describe your bug: 描述你的Bug，什么情况下出现这个bug: I have followed the steps in the screenshot, but I cannot reproduce the vulnerability.

• [ ] 主机是否在中国大陆

• [x] 是否重试过仍然出现这个错误

smbclient //192.168.144.2/myshare -N                                                                 13:30  09/09/20  100% 
WARNING: The "syslog" option is deprecated
Anonymous login successful
Try "help" to get a list of possible commands.
smb: \> 

msf6 exploit(linux/samba/is_known_pipename) > options

Module options (exploit/linux/samba/is_known_pipename):

   Name            Current Setting  Required  Description
   ----            ---------------  --------  -----------
   RHOSTS          192.168.144.2    yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT           445              yes       The SMB service port (TCP)
   SMB_FOLDER      /home/share      no        The directory to use within the writeable SMB share
   SMB_SHARE_NAME                   no        The name of the SMB share containing a writeable directory

Payload options (cmd/unix/interact):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Exploit target:

   Id  Name
   --  ----
   0   Automatic (Interact)

msf6 exploit(linux/samba/is_known_pipename) > run

[-] 192.168.144.2:445 - Exploit failed [no-access]: Rex::Proto::SMB::Exceptions::LoginError Login Failed: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information.
[*] Exploit completed, but no session was created.

注意，issue仅接受vulhub自身的bug，如：

• 编译时出现bug导致编译失败
• 运行后，环境无法访问
• 环境运行后，按照README中的操作，无法复现漏洞
• README中出现的错误，如错别字、参考链接失效等

注意：关于环境搭建成功，但复现漏洞不成功的情况，我可能不会测试并回复issue，因为我在搭建环境的时候均已测试成功。建议此类issue作者自行测试并寻找错误原因，如果找到原因的确是vulhub的问题（比如某种情况没考虑到），则再创建issue。

不接受：

• 安装docker或docker-compose时出现的bug
• 运行docker、docker-compose时出现的bug
• 拉取/下载vulhub时出现的bug
• 拉取docker镜像因为网络原因导致拉取失败

附加信息

请贴出完整错误信息，可以是命令行输出、软件报错信息、截图等。

注意，请贴出完整错误信息，不要只粘贴错误的最后一行！

[phith0n]

I can't reproduce this bug too, anonymous connection of Samba is failed.

[phith0n]

Hi there,

Please try the newest version of samba/CVE-2017-7494 to test this vulnerability.

Notice that I update the exploit manual in samba/CVE-2017-7494/README.md, metasploit is not usable for it.