Creating Vulnerabilities: NFS Exports


Constant connections and odd binaries running on systems usually get caught pretty quickly in CCDC events. However, NFS exports are hardly ever noticed. Setting it up on an Ubuntu/Debian box is a snap and given the right directory and permissions can lead you right back to getting shell any time you want without a constant connection. Plus, NFS blends right in and can listen on TCP and/or UDP (2049)

Here is a quick how-to on setting up NFS

I’m sure you can think of much more evil locations but /etc/, /var/www/, and /root/ are some of my favorite exports, but there is no reason why you couldn’t just export ‘/’ that I know of. (NFSd might not permit it)

Remember to change the NFS settings so that it runs as root and you are golden.