漏洞背景:Samba是在Linux和UNIX系统上实现SMB协议的一个软件,2017年5月24日Samba发布了4.6.4版本,中间修复了一个严重的远程代码执行漏洞,漏洞编号CVE-2017-7494,漏洞影响了Samba 3.5.0 之后到4.6.4/4.5.10/4.4.14中间的所有版本,,确认属于严重漏洞,可以造成远程代码执行。
环境准备
×××机:kali2018
靶机:Centos6.5(samba 3.6.9)
靶机部分:
[root@root ~]# yum install samba -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* c6-media:
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:3.6.9-164.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================
Package Arch Version Repository Size
===========================================================================================================
Installing:
samba x86_64 3.6.9-164.el6 c6-media 5.0 M
Transaction Summary
===========================================================================================================
Install 1 Package(s)
Total download size: 5.0 M
Installed size: 18 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Installing : samba-3.6.9-164.el6.x86_64 1/1
Verifying : samba-3.6.9-164.el6.x86_64 1/1
Installed:
samba.x86_64 0:3.6.9-164.el6
Complete!
[root@root ~]# 编辑samba配置文件
[root@root ~]# vim /etc/samba/smb.conf
在文件末尾处添加以下部分 开启匿名访问
[public]
writeable = yes
path = /etc/public
public = yes创建匿名目录
[root@root ~]# mkdir /etc/public
[root@root ~]# chmod 777 /etc/public
重启samba服务
[root@root ~]# service smb restart
Shutting down SMB services: [ OK ]
Starting SMB services: [ OK ]
[root@root ~]#
关闭防火墙 selinux
[root@root ~]# service iptables stop
[root@root ~]# setenforce 0
×××机部分:
