Exploitation Summary
EIP tracks 44 public exploits for CVE-2007-2447.
PoCs published by Metasploit, amriunix, h3x0v3rl0rd, including Metasploit module exploits/multi/samba/usermap_script.
AI-analyzed exploit summary
This Metasploit module exploits CVE-2007-2447 in Samba versions 3.0.20 through 3.0.25rc3 by injecting shell meta characters into the username field during SMB session setup, allowing arbitrary command execution without authentication.
Description
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Exploits (44)
This Metasploit module exploits CVE-2007-2447 in Samba versions 3.0.20 through 3.0.25rc3 by injecting shell meta characters into the username field during SMB session setup, allowing arbitrary command execution without authentication.
This repository contains a functional exploit for CVE-2007-2447, a command injection vulnerability in Samba's usermap script. The exploit uses a crafted username to execute arbitrary commands via a netcat reverse shell.
This repository contains a functional exploit for CVE-2007-2447, targeting Samba smbd 3.0.20-Debian. The exploit uses a crafted username to execute a reverse shell payload generated via msfvenom, leveraging the vulnerability in the SMB protocol.
This PHP script establishes a reverse shell connection to a specified IP and port, then executes arbitrary commands received from the remote server. It uses multiple socket methods for redundancy and reads a length-prefixed payload for execution via eval().
This repository contains a functional Python exploit for CVE-2007-2447, a remote command execution vulnerability in Samba versions 3.0.20 to 3.0.25rc3. The exploit leverages the 'Username' map script vulnerability by injecting a payload into the username field during SMB authentication.
This repository contains a functional Python3 exploit for CVE-2007-2447, targeting Samba versions 3.0.20 to 3.0.25rc3. The exploit leverages command injection via the 'Username' map script parameter to achieve remote code execution (RCE) on vulnerable systems.
This repository contains a functional Python exploit for CVE-2007-2447, a command injection vulnerability in Samba's usermap script. The exploit crafts a malicious username to trigger a reverse shell via netcat.
This repository documents a penetration testing workflow targeting Metasploitable2, including exploitation of CVE-2007-2447 (Samba usermap_script vulnerability) using Metasploit. It provides detailed steps, commands, and mitigation recommendations but does not include standalone exploit code.
This repository contains a functional exploit for CVE-2007-2447, targeting Samba smbd 3.0.20-Debian. The exploit uses a crafted username to execute a reverse shell payload generated via msfvenom, leveraging the vulnerability in the SMB protocol.
This repository contains a functional Python exploit for CVE-2007-2447, a vulnerability in Samba's username map script. The exploit leverages command injection via the SMB protocol to establish a reverse shell.
This repository contains a functional exploit for CVE-2007-2447, a command injection vulnerability in Samba's usermap script. The exploit leverages the username field in SMB authentication to execute arbitrary commands, resulting in remote code execution.
This repository contains a functional exploit for CVE-2007-2447, targeting the Samba usermap script vulnerability. The exploit uses a crafted SMB connection to execute a reverse shell payload on the target system.
The repository contains only a PNG image file with no actual exploit code or technical details about CVE-2007-2447. The image does not provide any meaningful information or proof-of-concept code.
This repository documents a comprehensive penetration testing lab focusing on an NTLM Relay attack chain via LLMNR poisoning, targeting Windows 10. It includes detailed steps for reconnaissance, exploitation, and post-exploitation, with a focus on CVE-2007-2447 (SMB Message Signing Disabled).
This repository contains a functional Python exploit for CVE-2007-2447, targeting Samba versions 3.0.20 to 3.0.25rc3. The exploit leverages the 'username map script' feature to inject shell commands via backticks, achieving remote code execution (RCE) with root privileges.
This repository provides a detailed walkthrough of exploiting CVE-2007-2447 (Samba usermap_script vulnerability) using Metasploit to achieve a reverse shell on a Metasploitable 2 target. It includes steps for enumeration, exploit execution, and post-exploitation verification.
This repository contains a functional exploit for CVE-2007-2447, targeting a command injection vulnerability in Samba 3.0.20 through 3.0.25rc3 when the 'username map script' configuration is enabled. The exploit generates a reverse shell payload using msfvenom and triggers it via a maliciously crafted username in an SMB connection.
This repository contains a functional exploit for CVE-2007-2447, targeting a command injection vulnerability in Samba 3.0.20 via the 'username map script' feature. The exploit generates a reverse shell payload using msfvenom and triggers execution through a maliciously crafted username during SMB authentication.
This repository contains a functional Python script that exploits CVE-2007-2447, a remote command execution vulnerability in Samba's usermap script functionality. The exploit triggers command execution by injecting a reverse shell payload into the username field during SMB connection establishment.
This repository provides a step-by-step guide for exploiting CVE-2007-2447, a command execution vulnerability in Samba 3.0.20 via the 'Username' map script. It includes instructions for scanning, identifying the exploit, and using Metasploit to achieve remote code execution.
This repository contains a functional Rust implementation of the CVE-2007-2447 exploit, targeting Samba smbd 3.0.20-Debian. The exploit leverages command injection in the `SamrChangePassword()` function via shell metacharacters in the username field during SMB authentication to achieve remote code execution.
This repository contains a functional exploit for CVE-2007-2447, leveraging a username sanitization flaw in Samba to achieve remote command execution via a crafted SMB connection. The exploit uses a reverse shell payload delivered through the username field.
This is a functional exploit for CVE-2007-2447, targeting Samba 3.0.20. It leverages a command injection vulnerability in the username field during SMB authentication to execute arbitrary commands on the target system.
This repository provides a detailed walkthrough of exploiting CVE-2007-2447 (Samba usermap_script vulnerability) on Metasploitable 2 using Metasploit. It includes step-by-step instructions, screenshots, and post-exploitation commands, but does not contain standalone exploit code.
This repository contains functional exploit code for CVE-2007-2447, targeting Samba smbd 3.0.20. The exploit leverages the username map script vulnerability to execute a reverse shell payload via crafted SMB requests.
The repository contains a functional Python exploit for CVE-2007-2447, which leverages command injection in Samba's MS-RPC functionality via shell metacharacters in the 'username map script' option. The exploit uses the pysmb library to send a crafted SMB connection request with an embedded command.
This repository contains a functional Python exploit for CVE-2007-2447, leveraging the Samba 'username map script' vulnerability to achieve remote command execution via a malformed username field. The exploit uses the `smb.SMBConnection` library to send a crafted payload that triggers command execution on vulnerable Samba servers.
This repository contains a functional Go-based exploit for CVE-2007-2447, targeting the Samba usermap script vulnerability. The exploit sends a crafted SMB request with a malicious username to achieve remote command execution via a reverse shell.
This repository contains a functional exploit for CVE-2007-2447, which leverages a command injection vulnerability in Samba's username parameter to establish a reverse shell. The exploit uses the pysmb library to connect to a vulnerable Samba server and execute arbitrary commands via the username field.
This repository contains a functional Python exploit for CVE-2007-2447, which targets a command execution vulnerability in Samba's username map script. The exploit crafts a malicious username to deliver a reverse shell payload to the target Samba server.
This repository contains a functional Python exploit for CVE-2007-2447, targeting Samba versions 3.0.20 to 3.0.25. The exploit leverages the 'username map script' command execution vulnerability to achieve remote code execution via a crafted SMB connection.
This repository contains a functional Python exploit for CVE-2007-2447, a command injection vulnerability in Samba's usermap script. The exploit leverages the SMB protocol to send a crafted payload via the username field, achieving remote code execution.
This repository contains a functional Python exploit for CVE-2007-2447, which targets a vulnerability in Samba's username map script. The exploit sends a crafted payload via SMB to execute a reverse shell command on the vulnerable host.
This repository contains a functional exploit for CVE-2007-2447, a remote command injection vulnerability in Samba 3.0.0 to 3.0.25rc3. The exploit leverages shell metacharacters in the username field to execute arbitrary commands, establishing a reverse shell via netcat.
The repository contains only a README.md file with the CVE identifier and no exploit code or technical details. It is a placeholder with minimal content.
This repository contains a functional exploit for CVE-2007-2447, targeting a command injection vulnerability in Samba's usermap script. The exploit uses a crafted username to execute arbitrary commands via netcat, establishing a reverse shell.
The repository contains the source code for Samba 3.0.24, which is known to be vulnerable to CVE-2007-2447, but does not include any exploit code or technical analysis of the vulnerability itself. It appears to be a placeholder or archive of the vulnerable version.
This repository contains a functional exploit for CVE-2007-2447, targeting Samba 3.0.20. The exploit leverages command injection via the 'username' field in SMB authentication to achieve remote code execution (RCE) by spawning a reverse shell.
This repository contains a functional exploit for CVE-2007-2447, which leverages shell metacharacter injection in Samba's MS-RPC functionality to achieve remote command execution. The exploit uses the `username map script` smb.conf option to trigger arbitrary command execution via a reverse shell payload.
This repository contains two functional Python exploits for CVE-2007-2447, a command execution vulnerability in Samba's 'username map script' feature. Both scripts leverage the vulnerability by injecting malicious commands into the username field during SMB authentication, resulting in remote code execution.
This repository contains a functional exploit for CVE-2007-2447, targeting a vulnerability in Samba's username map script. The exploit uses a crafted username to execute arbitrary commands via shell metacharacters, achieving remote code execution (RCE).
The repository contains only a minimal README describing CVE-2007-2447, a Samba remote command injection vulnerability, but lacks any functional exploit code or technical details.
This repository contains a functional Python exploit for CVE-2007-2447, a command injection vulnerability in Samba 3.0.20. The exploit leverages the usermap script parameter to execute arbitrary commands via SMB connection manipulation.
This Metasploit module exploits CVE-2007-2447, a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3. It leverages the 'username map script' configuration option to execute arbitrary commands via shell meta characters in the username field, requiring no authentication.