@opt1kz @gnothiseauton
Thank you guys so much! I’m pretty sure I understand this exploit fully now.
I took a peek into the smbclient code and found out why the “/” is required after this as the server’s code didn’t seem to have anything that interacts with it. I’m not 100% sure if it’s against the rules or not to post a link to an article that I wrote but here it is. ¯\(ツ)/¯
At first I was under the assumption it was passed to bash like gnothiseauton was saying, but it’s actually just used by smbclient to separate out the DOMAIN and USERNAME fields in the request! I still have no idea where the = came from though lol.