We enumerate NFS shares and upload a web shell. We then perform Linux privilege escalation by getting an X11 magic cookie from a different NFS share and using it to take a screenshot of the current user’s desktop, which shows the root password in a password manager. This was part of the HackTheBox Squashed machine.
Squashed is an Easy Difficulty Linux machine that combines identifying and leveraging misconfigurations in NFS shares by impersonating users. Additionally, the box incorporates the enumeration of an X11 display into the privilege escalation by having the attacker take a screenshot of the current desktop.
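A defender-side check for the two weaknesses this walkthrough relies on, as an added example that is not part of the original write-up: it audits a file in exports(5) syntax for entries where the NFS server trusts client-supplied UIDs and for exported home directories that expose `.Xauthority`. The sample file, the function name and the finding strings are constructed for illustration, and only `*` and an empty client are treated as world access.

```python
import re

# Constructed sample in exports(5) syntax; not the configuration of the Squashed machine.
SAMPLE_EXPORTS = """\
# path          client(options)
/var/www/html   *(rw,sync,root_squash)
/home/alice     *(rw,sync,root_squash)
/srv/backup     10.0.0.5(ro,sync,all_squash,sec=krb5p)
"""

CLIENT = re.compile(r"^([^\s(]*)(?:\(([^)]*)\))?$")

def audit_exports(text):
    """Return sorted (path, client, finding) tuples for risky export entries."""
    findings = set()
    for line in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = line.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients or ["*"]:                      # no client means world
            m = CLIENT.match(spec)
            if not m:
                continue
            host = m.group(1) or "*"
            opts = set(filter(None, (m.group(2) or "").split(",")))
            # sec= defaults to sys (AUTH_SYS) and may list several flavors.
            secs = [o[4:] for o in opts if o.startswith("sec=")]
            flavors = set(":".join(secs).split(":")) if secs else {"sys"}
            if host == "*":
                findings.add((path, host, "any host may mount"))
            if "sys" in flavors and "all_squash" not in opts:
                # AUTH_SYS: the server believes the UID/GID the client sends,
                # so root_squash alone does not stop non-root impersonation.
                findings.add((path, host, "client-supplied UID trusted"))
            if "no_root_squash" in opts:
                findings.add((path, host, "remote root keeps UID 0"))
            if re.match(r"^/(home|root)(/|$)", path):
                findings.add((path, host, "home directory exported (.Xauthority exposed)"))
    return sorted(findings)

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:15} {client:10} {finding}")
```

The `/srv/backup` entry produces no findings because it is limited to one client, squashes every UID and requires Kerberos instead of AUTH_SYS.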
Video Walkthrough