Directory Traversal using Symlink
SMB can be susceptible to directory traversal attacks if the "wide links" option in the configuration file is set to "yes".
This essentially allows the user to create symlinks to any other folder within the filesystem and be able to access the files and folders within it.
In order to be able to achieve this, the SMB binary has to be compiled with certain modification to one of the C files. Details to get it working can be found in the following link,
Once you have the executable compiled and ready to go, you can connect to the target system and carry out the following steps to access any folder,
You can cd into this symlink directory and access all the files that are under the root folder.
Last updated