Exploitation guides
The following are exploitation guides for the scenarios created in this chapter. These are guidelines only; there are other ways to exploit the vulnerabilities.
Scenario 1 – smashing Samba
The brief provided for this exploitation guide is assumed to be: Find the key file in a shared location on the network. Perform the following steps for this scenario:
- First of all, we run NMAP to do host discovery against the network. If we run NMAP with the -A parameter, it will actually connect to and profile any open file-sharing platforms. I'm not going to bore you with yet another NMAP output.
- We should see that there are SMB shares open to guests. Let's go and have a look by using the SMB client, smbclient //<ip address>/<sharename>; so, in this case, it's smbclient //192.168.0.6/squirtle. The following screenshot shows the contents of the key file:
- Right, so there's our key file. You can see that I can't read it on the system, which means it...
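The scenario works because a Samba share is open to guests. As an added defender-side check, not code from the book, the following shell script audits an smb.conf for shares that allow guest access and runs against a constructed sample config (the share names, paths and the assumption that only per-share settings matter are mine):

```shell
# Audit a Samba smb.conf for shares reachable without credentials.
# Output: one line per share, "<share> GUEST-READ|GUEST-WRITE|AUTH-ONLY".
# Assumption: only per-share settings are evaluated; [global] is not inherited.
audit_smb_conf() {
    awk '
    function flush() {
        if (sec == "" || tolower(sec) == "global") return
        v = guest ? (writable ? "GUEST-WRITE" : "GUEST-READ") : "AUTH-ONLY"
        printf "%s %s\n", sec, v
    }
    /^[ \t]*[;#]/ { next }                        # comment line
    /^[ \t]*\[/ {                                 # [section] header
        flush()
        sec = $0; gsub(/^[ \t]*\[|][ \t]*$/, "", sec)
        guest = 0; writable = 0                   # Samba defaults: no guest, read only
        next
    }
    /=/ {                                         # "key = value" line
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        key = tolower(key); val = tolower(val)
        if (key == "guestok" || key == "public")     guest = (val == "yes")
        if (key == "writable" || key == "writeable") writable = (val == "yes")
        if (key == "readonly")                       writable = (val == "no")
    }
    END { flush() }' "$@"
}

# Constructed sample config, not from the book; "squirtle" mirrors the
# guest-readable share the walkthrough connects to.
sample_conf() {
cat <<'EOF'
[global]
   workgroup = WORKGROUP
   map to guest = Bad User
[squirtle]
   path = /srv/samba/squirtle
   guest ok = yes
   read only = yes
[upload]
   public = yes
   writable = yes
[private]
   valid users = @staff
EOF
}

sample_conf | audit_smb_conf
```

Run it against a real /etc/samba/smb.conf with audit_smb_conf /etc/samba/smb.conf; any GUEST-READ or GUEST-WRITE line is a share that an unauthenticated smbclient session can open.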