Monday, February 27, 2012

NFS hacking

I had some fun last week with good old unprotected NFS shares. They are still a valuable target during internal network penetration tests, both for all sorts of interesting information that could be found shared through NFS and for getting shell access to a system through shared home directories. I am not going into the details of how to do this, as this is all well explained here. One of the tools that can be handy is become, which saves you from creating users with matching uids on your local system. The tool is quite old, but generally does the job. Last week, however, I ran into some trouble using it. As it turns out, become has trouble with uids > 65535 and displays the following error message:

become: uid out of range: Success

It was probably written in a time when uids were still 16 bits. Nowadays uids are 32 bits on most UNIX systems, which was also true on the system I was testing. I wrote a quick patch that can be found here, which allows you to specify a max uid of 4294967294.
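The 32-bit limit above, as an added C example that is not taken from become or from the patch: `parse_uid` and `UID_MAX_VALID` are hypothetical names. It accepts uids up to 4294967294 and rejects 4294967295, which is `(uid_t)-1`, the value calls such as `chown()` and `setreuid()` treat as "leave unchanged". The ": Success" suffix in the error is the text glibc's `strerror(0)` returns; that the old range check printed `errno` without anything having set it is an assumption, not something read from become's source.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 2^32 - 2: the largest usable uid; 4294967295 is (uid_t)-1. */
#define UID_MAX_VALID 4294967294ULL

/* Hypothetical helper: parse a decimal uid string into 32 bits.
 * Returns 0 on success or a negative errno value, so the caller
 * always has a real error code to report instead of a stale errno. */
int parse_uid(const char *s, uint32_t *out)
{
    char *end;
    unsigned long long v;

    /* strtoull() silently accepts whitespace and signs; refuse them. */
    if (s == NULL || !isdigit((unsigned char)*s))
        return -EINVAL;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE)            /* does not even fit in 64 bits */
        return -ERANGE;
    if (*end != '\0')               /* trailing junk such as "12ab" */
        return -EINVAL;
    if (v > UID_MAX_VALID)          /* includes the (uid_t)-1 sentinel */
        return -ERANGE;
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "1000", "65536", "4294967294",
                              "4294967295", "-1", "12ab" };
    uint32_t uid;

    /* What a report based on an unset errno looks like. */
    printf("strerror(0) = \"%s\"\n", strerror(0));
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = parse_uid(samples[i], &uid);
        if (rc == 0)
            printf("%-12s ok, uid=%u\n", samples[i], (unsigned)uid);
        else
            printf("%-12s rejected: %s\n", samples[i], strerror(-rc));
    }
    return 0;
}
```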

Pentoo (overlay) users can emerge the updated ebuild. Happy NFS hacking!