/etc/exports indicates an IP. In this case you won't be able to use the remote exploit in any case, and you will need to abuse this trick. Another requirement for the exploit to work is that the export inside /etc/exports must be using the insecure flag.
--I'm not sure that if /etc/exports is indicating an IP address this trick will work--

no_root_squash but there is something preventing us from mounting the share on our pentest machine. This would happen if /etc/exports has an explicit list of IP addresses allowed to mount the share.
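To check a server for the export settings discussed above (no_root_squash, insecure, and whether the client is pinned to a single IP), the following added example audits an exports file; it is not code from the original page. The sample file contents and the names `audit_exports` and `SAMPLE_EXPORTS` are constructed for illustration, and the parser assumes the exports(5) defaults of root_squash and secure.

```python
import ipaddress

# Constructed sample /etc/exports content for the demo (not from the original page).
SAMPLE_EXPORTS = """\
/srv/share   10.0.0.5(rw,sync,no_root_squash,insecure)
/srv/backup  10.0.0.0/24(rw,no_root_squash) *(ro)
/srv/pub     -insecure,no_root_squash 192.168.1.10 192.168.1.11(rw,root_squash)
/srv/safe    10.0.0.7(rw,root_squash)
"""

def _enabled(opts, risky, safe):
    """Later options override earlier ones; with neither present the safe default holds."""
    seen = [o for o in opts if o in (risky, safe)]
    return bool(seen) and seen[-1] == risky

def _is_single_ip(client):
    """True when the client field is one literal IP address (not a network or wildcard)."""
    try:
        ipaddress.ip_address(client)
    except ValueError:
        return False
    return True

def audit_exports(text):
    """Return (path, client, risky_flags, single_ip) for every risky export entry."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():  # backslash continues a line
        line = line.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        path, *entries = line.split()
        defaults = []
        for entry in entries:
            if entry.startswith("-"):  # "-opts": defaults for later clients on this line
                defaults = entry[1:].split(",")
                continue
            client, _, rest = entry.partition("(")
            opts = defaults + rest.rstrip(")").split(",")
            risky = [r for r, s in (("no_root_squash", "root_squash"),
                                    ("insecure", "secure")) if _enabled(opts, r, s)]
            if risky:
                client = client or "*"  # "(opts)" with no host applies to any client
                findings.append((path, client, risky, _is_single_ip(client)))
    return findings

if __name__ == "__main__":
    print(*audit_exports(SAMPLE_EXPORTS), sep="\n")
```

Entries that report both flags with `single_ip` set to true match the configuration the text describes; removing no_root_squash and insecure from those exports closes it.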