We enumerate NFS shares and upload a web shell. We then escalate privileges on Linux by obtaining an X11 magic cookie from a different NFS share and using it to take a screenshot of the current user's desktop, which shows the root password in a password manager. This is part of the HackTheBox Squashed machine.

Squashed is an Easy difficulty Linux machine that combines identifying and leveraging misconfigurations in NFS shares by impersonating users. The box also incorporates the enumeration of an X11 display into the privilege escalation by having the attacker take a screenshot of the current desktop.
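A defender's check for the NFS half of this chain, added here as an example that is not part of the original walkthrough: it audits `/etc/exports` content for entries where the server trusts the UID the client sends. The export paths, sample lines and issue labels are constructed for illustration.

```python
import re

# Constructed /etc/exports content for illustration (not from the Squashed machine).
SAMPLE_EXPORTS = """\
/srv/www      *(rw,sync,root_squash)
/home/alice   *(rw,sync,all_squash,anonuid=65534,anongid=65534)
/srv/backup   10.0.0.5(ro,sync,sec=krb5p)
/srv/scratch  192.168.1.0/24(rw,no_root_squash) *(ro)  # two clients, one path
"""

# Matches "client(opts)", "(opts)" (no client = any host) or a bare client name.
ENTRY = re.compile(r"(?P<client>[^\s()]*)\((?P<opts>[^)]*)\)|(?P<bare>\S+)")

def audit_exports(text):
    """Return [(path, client, [issues])] for exports that trust the client.

    Assumes unquoted paths without spaces. Issue labels are this example's own.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *rest = line.split(None, 1)
        for m in ENTRY.finditer(rest[0] if rest else ""):
            client = m.group("client") or m.group("bare") or "*"
            opts = [o.strip() for o in (m.group("opts") or "").split(",") if o.strip()]
            # Without sec=, the export defaults to AUTH_SYS (sec=sys).
            flavours = next((o[4:].split(":") for o in opts if o.startswith("sec=")), ["sys"])
            issues = []
            # AUTH_SYS takes UID/GID from the client; root_squash only remaps UID 0,
            # so every other file owner can be claimed unless all_squash is set.
            if "sys" in flavours and "all_squash" not in opts:
                issues.append("uid-trusted")
            if "no_root_squash" in opts:
                issues.append("no_root_squash")
            if issues and client == "*":
                issues.append("any-host")
            if issues:
                findings.append((path, client, issues))
    return findings

if __name__ == "__main__":
    for path, client, issues in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:14} {client:18} {', '.join(issues)}")
```

Entries flagged `uid-trusted` are candidates for a Kerberos flavour (`sec=krb5`, `krb5i` or `krb5p`) or for `all_squash` with a tightly scoped client list.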

Video Walkthrough
