exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremoteunix
https://www.exploit-db.com/exploits/16320
This Metasploit module exploits CVE-2007-2447 in Samba versions 3.0.20 through 3.0.25rc3 by injecting shell meta characters into the username field during SMB session setup, allowing arbitrary command execution without authentication.
Classification
Working Poc 100%
Target:
Samba 3.0.20 to 3.0.25rc3
No auth needed
Prerequisites:
Samba with 'username map script' option enabled · Network access to SMB port (139)
nomisec
WORKING POC
62 stars
by amriunix · poc
https://github.com/amriunix/CVE-2007-2447
This repository contains a functional exploit for CVE-2007-2447, a command injection vulnerability in Samba's usermap script. The exploit uses a crafted username to execute arbitrary commands via a netcat reverse shell.
Classification
Working Poc 95%
Target:
Samba (versions prior to 3.0.25)
No auth needed
Prerequisites:
Network access to Samba service (port 139) · Samba with vulnerable usermap script configuration
nomisec
WORKING POC
5 stars
by h3x0v3rl0rd · poc
https://github.com/h3x0v3rl0rd/CVE-2007-2447
This repository contains a functional exploit for CVE-2007-2447, targeting Samba smbd 3.0.20-Debian. The exploit uses a crafted username to execute a reverse shell payload generated via msfvenom, leveraging the vulnerability in the SMB protocol.
Classification
Working Poc 95%
Target:
Samba smbd 3.0.20-Debian
No auth needed
Prerequisites:
Network access to the target SMB service · Python 3 with pysmb library installed
nomisec
WORKING POC
4 stars
by Unix13 · poc
https://github.com/Unix13/metasploitable2
This PHP script establishes a reverse shell connection to a specified IP and port, then executes arbitrary commands received from the remote server. It uses multiple socket methods for redundancy and reads a length-prefixed payload for execution via eval().
Classification
Working Poc 90%
Target:
PHP-based applications (likely targeting Metasploitable2 or similar vulnerable environments)
No auth needed
Prerequisites:
Network access to the target · PHP execution environment on the target · Outbound connectivity to attacker's IP:port
nomisec
WORKING POC
3 stars
by Ziemni · poc
https://github.com/Ziemni/CVE-2007-2447-in-Python
This repository contains a functional Python exploit for CVE-2007-2447, a remote command execution vulnerability in Samba versions 3.0.20 to 3.0.25rc3. The exploit leverages the 'Username' map script vulnerability by injecting a payload into the username field during SMB authentication.
Classification
Working Poc 95%
Target:
Samba 3.0.20 < 3.0.25rc3
No auth needed
Prerequisites:
Network access to the target SMB service · SMB service running on the target
nomisec
WORKING POC
2 stars
by xbufu · poc
https://github.com/xbufu/CVE-2007-2447
This repository contains a functional Python3 exploit for CVE-2007-2447, targeting Samba versions 3.0.20 to 3.0.25rc3. The exploit leverages command injection via the 'Username' map script parameter to achieve remote code execution (RCE) on vulnerable systems.
Classification
Working Poc 95%
Target:
Samba 3.0.20 < 3.0.25rc3
No auth needed
Prerequisites:
Network access to the target's SMB port (default 445) · Vulnerable Samba version
nomisec
WORKING POC
2 stars
by Alien0ne · poc
https://github.com/Alien0ne/CVE-2007-2447
This repository contains a functional Python exploit for CVE-2007-2447, a command injection vulnerability in Samba's usermap script. The exploit crafts a malicious username to trigger a reverse shell via netcat.
Classification
Working Poc 95%
Target:
Samba (versions with vulnerable usermap script)
No auth needed
Prerequisites:
Network access to Samba service · Samba configured with vulnerable usermap script
nomisec
WRITEUP
1 stars
by SeifEldienAhmad · poc
https://github.com/SeifEldienAhmad/Penetration-Testing-on-Metasploitable2
This repository documents a penetration testing workflow targeting Metasploitable2, including exploitation of CVE-2007-2447 (Samba usermap_script vulnerability) using Metasploit. It provides detailed steps, commands, and mitigation recommendations but does not include standalone exploit code.
Classification
Writeup 90%
Target:
Samba 3.0.20
No auth needed
Prerequisites:
Network access to target · Metasploit Framework · Kali Linux
nomisec
WORKING POC
1 stars
by Aviksaikat · poc
https://github.com/Aviksaikat/CVE-2007-2447
This repository contains a functional exploit for CVE-2007-2447, targeting Samba smbd 3.0.20-Debian. The exploit uses a crafted username to execute a reverse shell payload generated via msfvenom, leveraging the vulnerability in the SMB protocol.
Classification
Working Poc 95%
Target:
Samba smbd 3.0.20-Debian
No auth needed
Prerequisites:
Network access to target SMB port (445) · msfvenom installed for payload generation
nomisec
WORKING POC
1 stars
by s4msec · poc
https://github.com/s4msec/CVE-2007-2447
This repository contains a functional Python exploit for CVE-2007-2447, a vulnerability in Samba's username map script. The exploit leverages command injection via the SMB protocol to establish a reverse shell.
Classification
Working Poc 95%
Target:
Samba 3.0.20-3.0.25rc3
No auth needed
Prerequisites:
Network access to target's SMB port (139/445) · Netcat listener on attacker's machine
nomisec
WORKING POC
1 stars
by ozuma · poc
https://github.com/ozuma/CVE-2007-2447
This repository contains a functional exploit for CVE-2007-2447, a command injection vulnerability in Samba's usermap script. The exploit leverages the username field in SMB authentication to execute arbitrary commands, resulting in remote code execution.
Classification
Working Poc 95%
Target:
Samba (versions prior to 3.0.25)
No auth needed
Prerequisites:
Network access to the target's SMB port (typically 139/tcp) · Samba service with vulnerable usermap script configuration
nomisec
WORKING POC
1 stars
by 3x1t1um · poc
https://github.com/3x1t1um/CVE-2007-2447
This repository contains a functional exploit for CVE-2007-2447, targeting the Samba usermap script vulnerability. The exploit uses a crafted SMB connection to execute a reverse shell payload on the target system.
Classification
Working Poc 95%
Target:
Samba 3.0.20-3.0.25rc3
No auth needed
Prerequisites:
Network access to the target SMB service · Python environment with mysmb library
nomisec
WORKING POC
by Daviddoctor · poc
https://github.com/Daviddoctor/Samba-CVE-2007-2447-Exploit-Username-Map-Script
This repository contains a functional Python exploit for CVE-2007-2447, targeting Samba versions 3.0.20 to 3.0.25rc3. The exploit leverages the 'username map script' feature to inject shell commands via backticks, achieving remote code execution (RCE) with root privileges.
Classification
Working Poc 95%
Target:
Samba 3.0.20 to 3.0.25rc3
No auth needed
Prerequisites:
smbclient installed on attacker's machine · target Samba server with 'username map script' enabled
nomisec
WRITEUP
by vig9610 · poc
https://github.com/vig9610/Exploiting-Samba-on-Metasploitable-2
This repository provides a detailed walkthrough of exploiting CVE-2007-2447 (Samba usermap_script vulnerability) using Metasploit to achieve a reverse shell on a Metasploitable 2 target. It includes steps for enumeration, exploit execution, and post-exploitation verification.
Classification
Writeup 95%
Target:
Samba 3.X - 4.X
No auth needed
Prerequisites:
Metasploit Framework · Network access to target · Open SMB port (445)
nomisec
WORKING POC
by r0tn3x · poc
https://github.com/r0tn3x/CVE-2007-2447
This repository contains a functional exploit for CVE-2007-2447, targeting a command injection vulnerability in Samba 3.0.20 via the 'username map script' feature. The exploit generates a reverse shell payload using msfvenom and triggers execution through a maliciously crafted username during SMB authentication.
Classification
Working Poc 95%
Target:
Samba 3.0.20 through 3.0.25rc3
No auth needed
Prerequisites:
Target must have 'username map script' configured in smb.conf · msfvenom installed on attacker machine · Network access to target's SMB port (445)
nomisec
WORKING POC
by abdulsaabir · poc
https://github.com/abdulsaabir/CVE-2007-2447
This repository contains a functional Python script that exploits CVE-2007-2447, a remote command execution vulnerability in Samba's usermap script functionality. The exploit triggers command execution by injecting a reverse shell payload into the username field during SMB connection establishment.
Classification
Working Poc 95%
Target:
Samba (versions prior to 3.0.25)
No auth needed
Prerequisites:
Network access to target SMB port (139) · Samba service with vulnerable usermap script configuration
nomisec
WRITEUP
by nulltrace1336 · poc
https://github.com/nulltrace1336/Samba-Exploit-CVE-2007-2447
This repository provides a step-by-step guide for exploiting CVE-2007-2447, a command execution vulnerability in Samba 3.0.20 via the 'Username' map script. It includes instructions for scanning, identifying the exploit, and using Metasploit to achieve remote code execution.
Classification
Writeup 90%
Target:
Samba 3.0.20
No auth needed
Prerequisites:
Target running Samba 3.0.20 · Network access to ports 139 or 445
nomisec
WORKING POC
by nika0x38 · poc
https://github.com/nika0x38/CVE-2007-2447
This repository contains a functional Rust implementation of the CVE-2007-2447 exploit, targeting Samba smbd 3.0.20-Debian. The exploit leverages command injection in the `SamrChangePassword()` function via shell metacharacters in the username field during SMB authentication to achieve remote code execution.
Classification
Working Poc 95%
Target:
Samba smbd 3.0.20-Debian
No auth needed
Prerequisites:
Rust installed on attacker system · Target running vulnerable Samba version · Target must have `netcat` available
nomisec
WORKING POC
by MrRoma577 · poc
https://github.com/MrRoma577/exploit_cve-2007-2447_again
This repository contains a functional exploit for CVE-2007-2447, leveraging a username sanitization flaw in Samba to achieve remote command execution via a crafted SMB connection. The exploit uses a reverse shell payload delivered through the username field.
Classification
Working Poc 90%
Target:
Samba 3.0.0 to 3.0.25rc3
No auth needed
Prerequisites:
Network access to target SMB service (port 139/445) · Target running vulnerable Samba version
github
WORKING POC
by Boon-Rekcah · pythonpoc
https://github.com/Boon-Rekcah/CVE-Exploits/tree/main/CVE-2007-2447( Samba 3.0.20 ).py
This is a functional exploit for CVE-2007-2447, targeting Samba 3.0.20. It leverages a command injection vulnerability in the username field during SMB authentication to execute arbitrary commands on the target system.
Classification
Working Poc 95%
Target:
Samba 3.0.20
No auth needed
Prerequisites:
Network access to the target's SMB port (445) · Samba 3.0.20 running on the target
nomisec
WRITEUP
by DevinLiggins14 · poc
https://github.com/DevinLiggins14/SMB-PenTest-Exploiting-CVE-2007-2447-on-Metasploitable-2
This repository provides a detailed walkthrough of exploiting CVE-2007-2447 (Samba usermap_script vulnerability) on Metasploitable 2 using Metasploit. It includes step-by-step instructions, screenshots, and post-exploitation commands, but does not contain standalone exploit code.
Classification
Writeup 95%
Target:
Samba 3.0.20
No auth needed
Prerequisites:
Metasploit Framework · Kali Linux · Metasploitable 2 target
nomisec
WORKING POC
by elphon · poc
https://github.com/elphon/CVE-2007-2447-Exploit
This repository contains functional exploit code for CVE-2007-2447, targeting Samba smbd 3.0.20. The exploit leverages the username map script vulnerability to execute a reverse shell payload via crafted SMB requests.
Classification
Working Poc 95%
Target:
Samba smbd 3.0.20
No auth needed
Prerequisites:
Python 3 · smbclient · Netcat · Target running vulnerable Samba version
github
WORKING POC
by dugisan3rd · pythonpoc
https://github.com/dugisan3rd/exploit/tree/main/samba-usermap-rce (CVE-2007-2447)
The repository contains a functional Python exploit for CVE-2007-2447, which leverages command injection in Samba's MS-RPC functionality via shell metacharacters in the 'username map script' option. The exploit uses the pysmb library to send a crafted SMB connection request with an embedded command.
Classification
Working Poc 95%
Target:
Samba 3.0.0 through 3.0.25rc3
No auth needed
Prerequisites:
Samba with 'username map script' enabled · Network access to SMB port (445)
nomisec
WORKING POC
by foudadev · poc
https://github.com/foudadev/CVE-2007-2447
This repository contains a functional Python exploit for CVE-2007-2447, leveraging the Samba 'username map script' vulnerability to achieve remote command execution via a malformed username field. The exploit uses the `smb.SMBConnection` library to send a crafted payload that triggers command execution on vulnerable Samba servers.
Classification
Working Poc 95%
Target:
Samba 3.0.20 < 3.0.25rc
No auth needed
Prerequisites:
Network access to the target Samba server · Python environment with `python3-samba` package installed
nomisec
WORKING POC
by IamLucif3r · poc
https://github.com/IamLucif3r/CVE-2007-2447-Exploit
This repository contains a functional Go-based exploit for CVE-2007-2447, targeting the Samba usermap script vulnerability. The exploit sends a crafted SMB request with a malicious username to achieve remote command execution via a reverse shell.
Classification
Working Poc 95%
Target:
Samba 3.0.20-3.0.25rc3
No auth needed
Prerequisites:
Network access to the target SMB service · SMB service exposed and vulnerable
nomisec
WORKING POC
by Juantos · poc
https://github.com/Juantos/cve-2007-2447
This repository contains a functional exploit for CVE-2007-2447, which leverages a command injection vulnerability in Samba's username parameter to establish a reverse shell. The exploit uses the pysmb library to connect to a vulnerable Samba server and execute arbitrary commands via the username field.
Classification
Working Poc 95%
Target:
Samba versions 3.0.0 to 3.0.25rc3
No auth needed
Prerequisites:
pysmb library · network connectivity to target · listener set up for reverse shell
nomisec
WORKING POC
by ShivamDey · poc
https://github.com/ShivamDey/Samba-CVE-2007-2447-Exploit
This repository contains a functional Python exploit for CVE-2007-2447, which targets a command execution vulnerability in Samba's username map script. The exploit crafts a malicious username to deliver a reverse shell payload to the target Samba server.
Classification
Working Poc 95%
Target:
Samba 3.x - 4.x
No auth needed
Prerequisites:
Network access to the vulnerable Samba server · Listener set up on the attacker's machine
nomisec
WORKING POC
by MikeRega7 · poc
https://github.com/MikeRega7/CVE-2007-2447-RCE
This repository contains a functional Python exploit for CVE-2007-2447, targeting Samba versions 3.0.20 to 3.0.25. The exploit leverages the 'username map script' command execution vulnerability to achieve remote code execution via a crafted SMB connection.
Classification
Working Poc 95%
Target:
Samba 3.0.20 < 3.0.25
No auth needed
Prerequisites:
Network access to the target SMB port (139/445) · Python 3 with pysmb library installed
nomisec
WORKING POC
by bdunlap9 · poc
https://github.com/bdunlap9/CVE-2007-2447_python
This repository contains a functional Python exploit for CVE-2007-2447, a command injection vulnerability in Samba's usermap script. The exploit leverages the SMB protocol to send a crafted payload via the username field, achieving remote code execution.
Classification
Working Poc 95%
Target:
Samba 3.0.20-3.0.25rc3
No auth needed
Prerequisites:
Network access to target SMB service (port 139 or 445) · Samba service with vulnerable usermap script configuration
nomisec
WORKING POC
by HerculesRD · poc
https://github.com/HerculesRD/PyUsernameMapScriptRCE
This repository contains a functional Python exploit for CVE-2007-2447, which targets a vulnerability in Samba's username map script. The exploit sends a crafted payload via SMB to execute a reverse shell command on the vulnerable host.
Classification
Working Poc 95%
Target:
Samba (versions affected by CVE-2007-2447)
No auth needed
Prerequisites:
Network access to the vulnerable Samba server · SMB port (139 or 445) accessible · Netcat listener set up on the attacker's machine
nomisec
WORKING POC
by b33m0x00 · poc
https://github.com/b33m0x00/CVE-2007-2447
This repository contains a functional exploit for CVE-2007-2447, a remote command injection vulnerability in Samba 3.0.0 to 3.0.25rc3. The exploit leverages shell metacharacters in the username field to execute arbitrary commands, establishing a reverse shell via netcat.
Classification
Working Poc 95%
Target:
Samba 3.0.0 - 3.0.25rc3
No auth needed
Prerequisites:
Network access to the target Samba server · Samba server with vulnerable version
nomisec
STUB
by testaross4 · poc
https://github.com/testaross4/CVE-2007-2447
The repository contains only a README.md file with the CVE identifier and no exploit code or technical details. It is a placeholder with minimal content.
Target:
unknown
No auth needed
nomisec
WORKING POC
by Nosferatuvjr · poc
https://github.com/Nosferatuvjr/Samba-Usermap-exploit
This repository contains a functional exploit for CVE-2007-2447, targeting a command injection vulnerability in Samba's usermap script. The exploit uses a crafted username to execute arbitrary commands via netcat, establishing a reverse shell.
Classification
Working Poc 95%
Target:
Samba (versions affected by CVE-2007-2447)
No auth needed
Prerequisites:
Network access to target (TCP port 139) · Samba service with vulnerable usermap script configuration
nomisec
STUB
by 3t4n · poc
https://github.com/3t4n/samba-3.0.24-CVE-2007-2447-vunerable-
The repository contains the source code for Samba 3.0.24, which is known to be vulnerable to CVE-2007-2447, but does not include any exploit code or technical analysis of the vulnerability itself. It appears to be a placeholder or archive of the vulnerable version.
Target:
Samba 3.0.24
No auth needed
Prerequisites:
Network access to a vulnerable Samba server
nomisec
WORKING POC
by G01d3nW01f · poc
https://github.com/G01d3nW01f/CVE-2007-2447
This repository contains a functional exploit for CVE-2007-2447, targeting Samba 3.0.20. The exploit leverages command injection via the 'username' field in SMB authentication to achieve remote code execution (RCE) by spawning a reverse shell.
Classification
Working Poc 95%
Target:
Samba 3.0.20
No auth needed
Prerequisites:
Network access to the target SMB service (port 139/445) · Python 3 with pysmb library installed
nomisec
WORKING POC
by 0xKn · poc
https://github.com/0xKn/CVE-2007-2447
This repository contains a functional exploit for CVE-2007-2447, which leverages shell metacharacter injection in Samba's MS-RPC functionality to achieve remote command execution. The exploit uses the `username map script` smb.conf option to trigger arbitrary command execution via a reverse shell payload.
Classification
Working Poc 95%
Target:
Samba 3.0.0 through 3.0.25rc3
No auth needed
Prerequisites:
Samba with `username map script` enabled · Network access to the target's SMB port (default 445)
nomisec
WORKING POC
by WildfootW · poc
https://github.com/WildfootW/CVE-2007-2447_Samba_3.0.25rc3
This repository contains two functional Python exploits for CVE-2007-2447, a command execution vulnerability in Samba's 'username map script' feature. Both scripts leverage the vulnerability by injecting malicious commands into the username field during SMB authentication, resulting in remote code execution.
Classification
Working Poc 95%
Target:
Samba 3.0.0 - 3.0.25rc3
No auth needed
Prerequisites:
Network access to the target's SMB port (445) · Samba service with vulnerable 'username map script' configuration
nomisec
WORKING POC
by xlcc4096 · poc
https://github.com/xlcc4096/exploit-CVE-2007-2447
This repository contains a functional exploit for CVE-2007-2447, targeting a vulnerability in Samba's username map script. The exploit uses a crafted username to execute arbitrary commands via shell metacharacters, achieving remote code execution (RCE).
Classification
Working Poc 95%
Target:
Samba (versions prior to 3.0.25)
No auth needed
Prerequisites:
Network access to the Samba server · SMB port (typically 445) open and accessible
nomisec
STUB
by JoseBarrios · poc
https://github.com/JoseBarrios/CVE-2007-2447
The repository contains only a minimal README describing CVE-2007-2447, a Samba remote command injection vulnerability, but lacks any functional exploit code or technical details.
Target:
Samba (unspecified version)
No auth needed
Prerequisites:
Network access to vulnerable Samba service
nomisec
WORKING POC
by b1fair · poc
https://github.com/b1fair/smb_usermap
This repository contains a functional Python exploit for CVE-2007-2447, a command injection vulnerability in Samba 3.0.20. The exploit leverages the usermap script parameter to execute arbitrary commands via SMB connection manipulation.
Classification
Working Poc 95%
Target:
Samba 3.0.20
No auth needed
Prerequisites:
Network access to target SMB service (port 445) · Python 2.x environment · pysmb library
metasploit
WORKING POC
EXCELLENT
by jduck · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/samba/usermap_script.rb
This Metasploit module exploits CVE-2007-2447, a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3. It leverages the 'username map script' configuration option to execute arbitrary commands via shell meta characters in the username field, requiring no authentication.
Classification
Working Poc 100%
Target:
Samba 3.0.20 to 3.0.25rc3
No auth needed
Prerequisites:
Samba with 'username map script' enabled · Network access to SMB port (139)