Linux Privilege Escalation using Misconfigured NSF

Linux Privilege Escalation using Misconfigured NSF

Aarti S. Aarti S.

Aarti S.

Lead Pentester | OSCP|CISM| ISO27001-2013-Lead Auditor

发布日期: 2018年5月26日
+ 关注

After solving several OSCP Challenges we decided to write the article on the various method used for Linux privilege escalation, that could be helpful for our readers in their penetration testing project. In this article, we will learn how to exploit a misconfigured NFS share to gain root access to a remote host machine.

Table of contents

Introduction of NFS

Misconfigured NFS Lab setup

Scanning NFS shares

  • Nmap script
  • showmount

Exploiting NFS server for Privilege Escalation via:

Bash file

C program file

Nano/vi

  • Obtain shadow file
  • Obtain passwd file
  • Obtain sudoers file

Let’s Start!!

Network File System (NFS): Network File System permits a user on a client machine to mount the shared files or directories over a network. NFS uses Remote Procedure Calls (RPC) to route requests between clients and servers. Although NFS uses TCP/UDP port 2049 for sharing any files/directories over a network.

Misconfigured NFS Lab setup

Basically, there are three core configuration files (/etc/exports, /etc/hosts.allow, and /etc/hosts.deny) you will need to configure to set up an NFS server. BUT to configure weak NFS server we will look only /etc/export file.

To install NFS service execute below command in your terminal and open /etc/export file for configuration

Full Article Read Here

Muzaffar Mohamed

6 年

Full read not found ??
回复
Mohamed Dawoud

Active looking for a job

6 年

Can you Guide me into this Career

回复
Krishna (zoxoz)

Lead Security Engineer

6 年

Raj Chandel grt job & excellent work
回复
1 次回应
D. Sudhir

Lead CyberSecurity @AT&T

6 年

This looks like spoiler..
回复
查看更多评论

要查看或添加评论,请登录

Aarti S.的更多文章

  • HIRING
    2024年4月16日

    HIRING

    Location - India (Remote) Job Type - Full Time Experience - Entry Level (1-3 Years) Job Summary: We are seeking a…

  • Data Exfiltration using PowerShell Empire
    2019年5月27日

    Data Exfiltration using PowerShell Empire

    In our previous post, we had already discussed “Command and Control with DropboxC2” But we are going to demonstrate…

  • Development: Vulnhub Walkthrough
    2019年5月17日

    Development: Vulnhub Walkthrough

    Today we are going to take on another challenge known as “DEVELOPMENT”. This is designed for OSCP practice, and the…

  • Hack the Box : Irked Walkthrough
    2019年4月28日

    Hack the Box : Irked Walkthrough

    Today we are going to solve another CTF challenge “irked”. It is a retired vulnerable lab presented by Hack the Box for…

  • Hack the Box: Teacher Walkthrough
    2019年4月24日

    Hack the Box: Teacher Walkthrough

    oday we are going to solve another CTF challenge “Teacher”. It is a retired vulnerable lab presented by Hack the Box…

  • Covert Channel: The Hidden Network
    2019年4月21日

    Covert Channel: The Hidden Network

    Generally, the hacker uses a hidden network to escape themselves from firewall and IDS such. In this post, you will…

  • SP eric: Vulnhub Lab Walkthrough
    2019年4月17日

    SP eric: Vulnhub Lab Walkthrough

    Hello friends! Today we are going to take another CTF challenge known as “SP eric”. The credit for making this VM…

  • Command & Control: WebDav C2
    2019年4月14日

    Command & Control: WebDav C2

    In this article, we will learn how to use WebDav C2 tool. Table of Content: Introduction Installation Exploiting Target…

  • Comprehensive Guide on Netcat
    2019年4月2日

    Comprehensive Guide on Netcat

    his article will provide you with the basic guide of Netcat and how to get a session from it using different methods…

    4 条评论
  • Empire GUI: Graphical Interface to the Empire Post-Exploitation Framework
    2019年3月27日

    Empire GUI: Graphical Interface to the Empire Post-Exploitation Framework

    This is our 8th post in the series of the empire which covers how to use empire as GUI. Empire has a great GUI…

社区洞察

其他会员也浏览了