March 24, 2017 Karn Ganeshen

Metasploitable – Exploiting nfs

root@kali:~# nmap -sV -n -p 2049 -sC


List the directories available for export / mounting:

Let’s create a mount point and mount / of the target.

Successfully mounted.

Well, get the shadow file.

Leave cracking passwords for later, and let’s get ssh keys.

Add the public key to target’s root ssh known_hosts file. This will allow us to use msfadmin’s private key and get direct ssh access as root.


Tagged: ,

Leave a Reply

Your email address will not be published. Required fields are marked *