TLDRBins TLDRBins / Mount Share

Usage Tips:

  • Click on a keyword to enable inline editing.
  • Click inside a code block to copy (excludes comments).
  • Use the button to view examples.
  • Click outside to collapse all examples.

List share

showmount -e <TARGET>

Sample Output:
$ showmount -e 10.10.11.191
Export list for 10.10.11.191:
/home/ross    *
/var/www/html *

Mount share

sudo mkdir /mnt/share

Sample Output:
$ sudo mkdir /mnt/share

sudo mount -t nfs <TARGET>:<SHARE> /mnt/share/

Sample Output:
$ sudo mount -t nfs 10.10.11.191:/home/ross /mnt/share/

$ ls /mnt/share 
Desktop  Documents  Downloads  Music  Pictures  Public  Templates  Videos

Unmount share

sudo umount /mnt/share/

Sample Output:
$ sudo umount /mnt/share/

Mount share

sudo mount -t cifs //<TARGET>/<SHARE> /mnt

Sample Output:
TO-DO
# Without creds
sudo mount -t cifs -o user=,password= //<TARGET>/<SHARE> /mnt

Sample Output:
TO-DO
# With creds
sudo mount -t cifs -o user='<USER>',pass='<PASSWORD>' //<TARGET>/<SHARE> /mnt

Sample Output:
$ sudo mount -t cifs -o ro,user='localadmin',password='Secret123' //10.10.11.102/Shared /mnt

$ ls /mnt      
Documents  Software

Mount inside Windows

# Mount
net use \\localhost\c$ /u:'<DOMAIN>\<USER>' '<PASSWORD>'

Sample Output:
TO-DO
# Check
dir \\localhost\c$\users\administrator\desktop

Sample Output:
TO-DO

Abuse #1: Misconfigured Share

# Check all mounted drives
mount

Sample Output:
$ mount     

...[SNIP]...
10.10.11.191:/home/ross on /mnt/share type nfs4 (rw,relatime,vers=4.2,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.10.14.31,local_lock=none,addr=10.10.11.191)

# Check how shares are mounted
cat /etc/exports

Sample Output:
$ cat /etc/exports
/var/nfsshare *(rw,sync,root_squash,no_all_squash)
/opt *(rw,sync,root_squash,no_all_squash)


+-----------------------------------------------------------------------------------------+
| root_squash  : running as root on local system will be treated as nobody user in target |
| no_all_squash: every other users permission will translate from local system to target  |
+-----------------------------------------------------------------------------------------+

Sample Output:
TO-DO

# Add dummy user
sudo useradd dummy

Sample Output:
$ sudo useradd dummy

# Change uid
sudo usermod -u 1001 dummy 

Sample Output:
$ sudo usermod -u 1001 dummy

# Switch to dummy user
sudo su dummy -c bash

Sample Output:
$ sudo su dummy
$ id
uid=1001(dummy) gid=1001(dummy) groups=1001(dummy)