## ------------------| Nmap Scansudonmap--scriptnfs*-sV-p111,2049<IP>## ------------------| List mountsshowmount-e10.10.10.180## ------------------| List both the client and hostname or IPshowmount-a10.10.10.180
### If the “no_root_squash” option is present on a writable share, we can create an executable with SUID bit set and run it on the target system
## ------------------| Check if no_root_squash is present?cat/etc/exports|grepno_root_squash## ------------------| List mounts and mount it to our local machineshowmount-e<IP>sudomkdir-p/mnt/newsudomount-tnfs<IP>:/<WritableShares>/mnt/newsudomount-tnfs-overs=2<IP>:/<WritableShares>/mnt/new### Create a SUID binary and place it. then execuite it via attackers machine.