Metasploitable 2: Compromise – NFS Shares

Our Nessus scan results show an interesting vulnerability:

 Medium (5.0) 42256 NFS Shares World Readable

It’s only got a medium risk rating but who knows what data is in there.

Lets connect to it from our Kali box. There are various ways you could do this – here we can simply point the file browser at the box by specifying the system in the connect window:

nfs://192.168.168.134/

 

Connect NFS Metasploitable

Hit connect and we are in the root of the filesystem without any prompt for authentication:

NFS_Connected

We can take this further now by trying to grab the account password hashes from the system and then cracking them with something like John the Ripper.