Metasploitable 2: Compromise – NFS Shares

Our Nessus scan results show an interesting vulnerability:

 Medium (5.0) 42256 NFS Shares World Readable

It’s only got a medium risk rating but who knows what data is in there.

Lets connect to it from our Kali box. There are various ways you could do this – here we can simply point the file browser at the box by specifying the system in the connect window:

nfs://192.168.168.134/

 

Connect NFS Metasploitable

Hit connect and we are in the root of the filesystem without any prompt for authentication:

NFS_Connected

We can take this further now by trying to grab the account password hashes from the system and then cracking them with something like John the Ripper.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s