Enumeration
Mandatory
- Check if the target exposes open shares:
  showmount -e $target
- If there are some, try to mount them.
- If you can mount them, check whether you can write files and set the SUID bit (the s flag). This works if no_root_squash is defined in the export. If yes, create a new file with the SUID bit set.
Optional
- Try to use another NFS version while mounting
- On mounted shares:
  - Try to change file permissions (SUID!)
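
The no_root_squash condition in the checklist can be confirmed from the server side by auditing /etc/exports. The following is an added example, not part of the original page: the function name, the Finding type and the sample exports content are constructed for illustration, and the "-options" default syntax of exports(5) is assumed not to be in use.

```python
import re
import shlex
from typing import NamedTuple

# Constructed sample /etc/exports content for the demo (not from the page).
SAMPLE_EXPORTS = """\
# path        client(options)
/srv/backup   10.0.0.5(rw,sync,no_root_squash)
/srv/public   *(ro,sync)
/srv/home     10.0.0.0/24(rw,sync,root_squash) \\
              *(rw,no_root_squash)
/srv/scratch  build01
"""

class Finding(NamedTuple):
    path: str
    client: str
    writable: bool      # rw: a client-side root user can create files here
    any_client: bool    # wildcard or empty client spec

CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")

def audit_exports(text: str) -> list[Finding]:
    """Return every export entry that disables root squashing."""
    findings = []
    text = re.sub(r"\\\n", " ", text)            # join backslash-continued lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()     # drop comments
        if not line:
            continue
        path, *clients = shlex.split(line)       # quoted paths stay whole
        for entry in clients:
            m = CLIENT_RE.match(entry)
            if m is None:
                continue
            host = m.group(1) or "*"             # "(opts)" alone means any host
            opts = set((m.group(2) or "").split(","))
            if "no_root_squash" in opts:         # root_squash is the default
                findings.append(Finding(path, host, "rw" in opts, host == "*"))
    return findings

if __name__ == "__main__":
    for f in audit_exports(SAMPLE_EXPORTS):
        print(f"{f.path} -> {f.client}: no_root_squash, "
              f"writable={f.writable}, any_client={f.any_client}")
```

Entries reported with writable=True are the ones where the SUID check from the list above would succeed; removing no_root_squash from them restores the default squashing of root.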