Linux Mount VHD / VHDX

by Vince

Here's the situation -- you're on a network and you find a Network Attached Storage device with a share protected using a weak password. You brute force the password and once you log in, you find a WindowsImageBackup directory which houses the data from a Windows Server Backup. When we view the contents, we're interested in the files with the VHD or VHDX extension. VHDX is essentially the same as VHD but the size limit on VHDX was increased to 2TB. That's neither here nor there; what we really want is inside the file.

We could copy the file over to our machine but depending on the location of the file with respect to your attacking system, that could be a problem.  What we really want to do is to mount that file in its current location and access what's inside.  

My Kali box is already set up, so in this example I'm using Ubuntu 18, but the steps are the same regardless of whether it's Kali or not.


Vulnhub SecTalks: BNE0x03 - Simple Walkthrough

by Vince

I needed a quick and simple distraction from something more complicated that I've been working on. A Google search for "Vulnhub Easy" turned up Simple, which according to the description "focuses on the basics of web based hacking". This was exactly what I had in mind and it probably took longer to write up than it did to root. I did find something interesting about the entry point which I learned after I rooted the box, but I will get to that at the end of this post.

First we kick off with an Nmap scan:


Cross Site Request Forgery

by Vince

Let's say we have a user authenticated into an application such as the LayerBB forum package pictured below. If the software is vulnerable to Cross Site Request Forgery (CSRF), we could trick the user into clicking a link that would perform some function in that application. For example -- if the authenticated user is an administrator of LayerBB, we could direct the user to our page which would create a new user within that application.

Prior to tricking our victim into clicking the link, we first need some information.  If we create a user within LayerBB:
