diego-treitos / linux-smart-enumeration

Linux enumeration tool for pentesting and CTFs with verbosity levels
GNU General Public License v3.0

Elevate NFS share checking up to l1 from l2 #47

Closed Reelix closed 3 years ago

Reelix commented 3 years ago

As it stands, the check for NFS shares is at level 2 - which is currently reserved for information checks more so than critical ones.

https://github.com/diego-treitos/linux-smart-enumeration/blob/c795112ac530da18f7d357cab5c85650d61f4aeb/lse.sh#L816-L819

The thing is that NFS can easily be misconfigured:

https://book.hacktricks.xyz/linux-unix/privilege-escalation/nfs-no_root_squash-misconfiguration-pe

I suggest that either this be elevated to level 1, or an additional level 1 / level 0 check be added for cases where the NFS share specifically contains the no_root_squash permission.

diego-treitos commented 3 years ago

The no_root_squash definitely needs a level 0. I will probably also add no_all_squash as a level 1.

Thank you for reporting this.

I am working on it.

diego-treitos commented 3 years ago

Resolved in version 3.4
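
The kind of check discussed in this thread, as an added example that is not part of the thread and is not code from lse.sh: a POSIX shell function that reads an exports(5) file and reports each client entry carrying `no_root_squash` (level 0) or `no_all_squash` (level 1), following the level mapping the maintainer proposes above. The function name `audit_exports` and the sample exports file are constructed for illustration; only per-client options written in parentheses are inspected.

```shell
#!/bin/sh
# Added example, not code from lse.sh. Level mapping taken from the thread:
# no_root_squash -> level 0, no_all_squash -> level 1.

# audit_exports FILE  (hypothetical helper name)
# Prints one "LEVEL PATH CLIENT OPTION" line per finding in an exports(5) file.
audit_exports() {
  [ -r "$1" ] || return 2
  awk '
    {
      sub(/#.*/, "")                        # drop comments
      if (sub(/\\[ \t]*$/, "")) {           # trailing backslash: line continues
        buf = buf $0 " "; next
      }
      $0 = buf $0; buf = ""                 # re-split the joined line into fields
      for (i = 2; i <= NF; i++) {
        if (!match($i, /\(.*\)/)) continue  # client listed with default options
        client = substr($i, 1, RSTART - 1)
        if (client == "") client = "*"      # bare "(opts)" applies to any host
        n = split(substr($i, RSTART + 1, RLENGTH - 2), opt, ",")
        for (j = 1; j <= n; j++) {
          if (opt[j] == "no_root_squash") print 0, $1, client, opt[j]
          else if (opt[j] == "no_all_squash") print 1, $1, client, opt[j]
        }
      }
    }' "$1"
}

# Constructed sample input, for illustration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed /etc/exports sample
/srv/backup   10.0.0.0/24(rw,sync,no_root_squash)
/srv/home     client1(rw,root_squash) \
              client2(rw,no_all_squash)
/srv/pub      *(ro,all_squash)
/srv/scratch  trusted (rw,no_root_squash)
EOF
audit_exports "$sample"
rm -f "$sample"
```

The last sample line shows why the client field matters: the space before the parenthesis makes the options apply to every host rather than to `trusted`, so the finding is reported against `*`.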