Saturday, June 11, 2016



- Layout for this exercise:

- NFS (Network File System) is a service available on Linux systems, which function is to allow users manage of shared folders over a network. In case of misconfiguration NFS might convert into a serious vulnerability allowing attackers access to the whole system. 

- The attacker discover the NFS service running on port 2049:

- showmount displays a list of exported directories from a specific machine, in this case the vulnerable victim's IP. 

- The result (/*) shows that even the root directory at the victim is shared, which it is actually a huge security breach, because the whole system is available to be shared by any attacker.

- As a consequence, the filesystem accessed with showmount can be mounted or attached into a temporary folder at the attacker's machine. The option nolock ensures disabling file locking: 

- A a result, the attacker can see locally the whole content of the remote system:

- For instance, etc/passwd is obtained by the attacker: