Useful commands

# ATTACKER
showmount -e $ip

nmap -sV --script=nfs-showmount $ip

mount -o vers=2 $ip:<share> <local_dir>

# VICTIM
cat /etc/exports
mount | grep nosuid # which dirs prohibit suid executables
mount | grep noexec # which dirs no exec

UID Squashing

root squashing

user squashing