no_root_squash!

Discover the vulnerability with cat /etc/exports and check whether a directory is exported with no_root_squash.

  • The export might restrict the client IP.
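The /etc/exports check above can be automated on the NFS server side. This is an added example, not part of the original notes: SAMPLE_EXPORTS is constructed, and audit_exports and WILDCARDS are hypothetical names. Entries restricted to 127.0.0.1 are still reported, because the forwarding described below shows a client restriction does not remove the risk.

```python
# Added example: audit /etc/exports text for clients whose root is NOT squashed.
# SAMPLE_EXPORTS is constructed for illustration; audit_exports is a hypothetical helper.
SAMPLE_EXPORTS = """\
# constructed sample
/srv/share   127.0.0.1(rw,sync,no_root_squash)
/srv/public  *(ro,sync) 10.0.0.0/24(rw,no_root_squash) \\
             backup01(rw,root_squash)
/srv/legacy  -rw,no_root_squash 192.168.1.5 192.168.1.6(ro,root_squash)
/srv/anon    (rw,no_root_squash,all_squash)
/srv/tmp     *(rw,no_root_squash)
"""

WILDCARDS = {"*", "0.0.0.0/0", "::/0"}   # client specs that match any host


def audit_exports(text):
    """Return (path, client, wide_open) for each export where root is not squashed."""
    findings = []
    logical = text.replace("\\\n", " ")            # join backslash-continued lines
    for raw in logical.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        defaults = []
        for spec in specs:
            if spec.startswith("-"):               # "-opt,opt": defaults for later clients
                defaults = spec[1:].split(",")
                continue
            client, _, opts = spec.partition("(")
            options = defaults + [o for o in opts.rstrip(")").split(",") if o]
            squashed = True                        # root_squash is the default
            for opt in options:                    # the last root option listed wins
                if opt in ("root_squash", "no_root_squash"):
                    squashed = opt == "root_squash"
            if "all_squash" in options:            # all_squash maps root as well
                squashed = True
            if not squashed:
                client = client or "*"             # bare "(opts)" applies to any host
                findings.append((path, client, client in WILDCARDS))
    return findings


if __name__ == "__main__":
    for path, client, wide_open in audit_exports(SAMPLE_EXPORTS):
        scope = "ANY HOST" if wide_open else client
        print(f"{path}: root not squashed for {scope}")
```

Changing a flagged entry back to root_squash (the default) or all_squash and re-exporting with exportfs -ra clears the finding.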

If it only accepts traffic from internal addresses (i.e. 127.0.0.1), consider remote port forwarding.
If you have access to the target machine via SSH, this will be easy.
1.  ssh -N -R kali_IP:2049:127.0.0.1:2222 kali@kali_IP
 This command connects port 2049 open on the target's localhost (which is NFS) and sends it to Kali on the same port.
Check that the port is listening on localhost (nmap it).
Steps: 
1. (kali) mount the folder: mount -t nfs 127.0.0.1:/sharename /tmp/pa (create this folder on kali)
2. (kali) create the payload with gedit 
3. (kali) chmod +s it 
4. (victim) cd to the folder and run it. 

Is your SSH open?

systemctl status sshd
sudo systemctl start sshd   (if it's not running) 

Command 1 (from this machine): ssh -* -* ::: You are required to use the credential.

Sanity Check:

  1. Go back to the pivot and check; you will see a port listening.

Command 2: ssh -*** -* ::: You are required to use the credential to your machine.

Sanity Check:

  1. Go back to your machine and check; you will see a port listening.

  2. Nmap your local IP address and the given port number; you will see the service running.

That means your work is correct.
