This directory contains Proof of Concept code as demoed at Defcon 24.

The goal is to verify that the reply_close() function from smbserver-1.5.32
is vulnerable to a symbolic link attack when calling:
    fopen("/tmp/jnk.close", "w");
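
The following is an added example, not code from smbserver or from this PoC: it puts the fopen(path, "w") pattern beside a hardened open that refuses a pre-planted symlink. The helper names and the private mkdtemp() scratch directory with its "victim" file are assumptions constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern named in the README: fopen(path, "w") follows a symlink at path. */
static FILE *open_unsafe(const char *path) { return fopen(path, "w"); }

/* Hardened form: exclusive create, never follow links, owner-only mode. */
static FILE *open_safe(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return NULL;            /* errno is EEXIST for a planted link */
    FILE *f = fdopen(fd, "w");
    if (!f) close(fd);
    return f;
}

/* Constructed scenario inside a private scratch dir: jnk.close -> victim.
   Returns bit 1 if open_safe refused, bit 0 if open_unsafe truncated victim. */
int symlink_demo(void)
{
    char dir[] = "/tmp/symdemoXXXXXX", victim[64], lnk[64];
    int result = 0;
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/jnk.close", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("important data\n", f); fclose(f);
    if (symlink(victim, lnk) != 0) return -1;

    f = open_safe(lnk);                 /* must fail: the name already exists */
    if (!f && errno == EEXIST) result |= 2;
    if (f) fclose(f);

    f = open_unsafe(lnk);               /* follows the link, truncates victim */
    if (f) fclose(f);
    if (stat(victim, &st) == 0 && st.st_size == 0) result |= 1;

    unlink(lnk); unlink(victim); rmdir(dir);
    return result;
}

int main(void) { printf("result=%d\n", symlink_demo()); return 0; }
```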

This is a privilege escalation in Samba from somewhere around 1994!
The codebase can be found here: ftp://ftp.samba.gr.jp/pub/samba/old-versions/smbserver-1.5.32.tar.gz

The vulnerability can be found via symbolic execution, for instance
using https://moabi.com as demoed at Defcon 24.

endrazine-


