Vulnerability scanner SambaCry
BI.ZONE team has developed a special utility software — vulnerability scanner SambaCry. The scanner detects vulnerability CVE-2017-7494 which is peculiar for all version of Samba software starting from version 3.5.0
This vulnerability is relatively easy to exploit and provides for remote code execution on a target system. In case of successful attack perpetrator can gain control over vulnerable Linux and Unix systems.
Vulnerability exists in the function «is_known_pipename».

In order to process special RPC requests, this function attempts to call RPC module under the name equal to the name of the requested channel (pipe).

However, if the name of the channel is an absolute path (starting with slash symbol), the module in the function of additional module upload is uploaded through the absolute path instead of the catalogue with RPC modules as the developers first implied.

The exploit for this vulnerability can also be found in the Internet. The execution of the malicious code requires one mere line of code.
simple.create_pipe("/path/to/target.so")
Our team has developed the scanner which allows to detect vulnerability CVE-2017-7494. The scanner is available here.
Usage instructions
- This checker uses version detect for vulnerability check.
- If you have turned off PIPES functionality, your host may not be vulnerable.
- If you have banned write operation to all directories in you Samba server,
- your host may not be vulnerable.
- If you turned off banners, scanner may be wrong.
- If scanner can not auth to Samba, it’s impossible to get banner with version.
SambaCry scanner tool by BiZone
Usage of ./sambacry_scaner.exe:
- clear_hosts string
Output CSV file with hosts that are not vulnerable. Example: clear.csv
- file string
File with list of targets to scan. Each address or netmask on new line.
- ip string
IP address
- net string
IP network address. Example: 10.0.1.0/24
- out string
Output file with results of scan in CSV format. Example: results.csv
- verbose
Verbose output
- workers int
Count of concurrent workers. (default 200)
Download utility
Password for the archive
sambacry
Checksums
$ sha1sum.exe sambacry_scanner.exe
b44c5e7e8c8cd121d83020b7fdc5844c482e0968
$ sha1sum.exe sambacry_scanner.go
c0a47933c56d4aa6168b4726194dc5f0bda37eef