I'm trying to understand the whole process behind the SambaCry exploit. The problem is that I'm having a little trouble understanding how you create the malicious .so library to be loaded by the exploit. I tried several techniques and they don't work. I see some precompiled examples on GitHub, but I really want to understand how to create a generic Linux bind or reverse shell and output it in .so format.

I've tried msfvenom outputting to elf-so and elf, to no avail.

Can you help me understand how I can create a malicious Samba .so library?

PS: This question IS NOT addressed here, I'm not asking about the exploitation process, I'm asking about the creation of the payload. Please don't tag it as a duplicate.

Thanks.

oscillat0r
    Possible duplicate of [How does the CVE-2017-7494 "SambaCry" exploit work?](https://security.stackexchange.com/questions/160443/how-does-the-cve-2017-7494-sambacry-exploit-work) – Fis May 31 '17 at 15:05
  • If possible, can you provide the link to the exploit PoC you're trying to work with? – SecretSasquatch May 31 '17 at 15:46
  • Yes. The exploit is located here: https://www.exploit-db.com/exploits/42060/ It calls the malicious library. All the exploit implementations of this CVE work the same: they call a local path where the malicious .so library is. The problem is that I don't know how to create it and can't find anything about it on the net, and I want to learn how to do that. – oscillat0r May 31 '17 at 15:57
  • I'm voting to keep this open, but can you include which techniques you've tried and how exactly they didn't work? – Xiong Chiamiov Jun 01 '17 at 19:33

1 Answer
Here you can see the code of a PoC library.so and the process to compile it: https://github.com/omri9741/cve-2017-7494/blob/master/payload/