-
Enumeration Mandatory Check if the target exposes open shares:showmount -e $target If there are some, try to mount them. If you can mount them, check if you can write files and set the s flag. (If in export no_root_squash is defined.) If yes, create a new file with a suid bit. Optional Try to use another NFS…
-
Displays all available network shares: showmount -e $target Normal mount mount -t nfs $target:/home /mnt Mounting with nfspy — with the hide option, it mounts and unmounts for the server so the victim cannot see the new connection via showmount. nfspy -o server=192.168.1.124:/home,hide,allow_other,ro,intr /mnt Mount via SSH ssh -N -L 3049:localhost:2049 user@hostname mount -t nfs -o port=3049…