2049 - NFS Pentesting

Network File System (NFS)

Hacktricks

Network File System (NFS) is a network file system developed by Sun Microsystems and has the same purpose as SMB.

The /etc/exports file contains a table of the physical filesystems on an NFS server that are accessible to clients.

cat /etc/exports
rw	#Read and write permissions.
ro	#Read only permissions.
sync	#Synchronous data transfer. (A bit slower)
async	#Asynchronous data transfer. (A bit faster)
secure	#Requests must come from source ports below 1024.
insecure	#Requests from source ports above 1024 are accepted.
no_subtree_check	#This option disables the checking of subdirectory trees.
root_squash	#Maps requests from root (UID/GID 0) to the anonymous UID/GID, so a client's root does not get root access to the share.
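The options above can be reviewed mechanically on the server side. The following is an added example, not part of the original page: a small parser for /etc/exports syntax that flags the settings a reviewer would question. It assumes export paths contain no spaces or quotes, uses a constructed sample file, and also checks `no_root_squash`, the real exports(5) counterpart of `root_squash` that the list above does not mention.

```python
import re

# Constructed sample in /etc/exports syntax (not taken from the page).
SAMPLE_EXPORTS = """\
# path        client(options)
/srv/public   *(ro,sync,root_squash,no_subtree_check)
/srv/backup   10.0.0.0/24(rw,sync,no_root_squash)
/srv/build    *(rw,async,insecure)
/srv/home     client1.example.internal (rw,sync)
"""

# One client token: optional host part, optional "(opt,opt,...)" part.
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^)]*)\))?$")

def parse_exports(text):
    """Yield (path, host, options) per client entry; '*' means any host."""
    # A trailing backslash continues an entry on the next line.
    for raw in text.replace("\\\n", " ").splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        # A path with no client list is exported to every host.
        path, clients = fields[0], fields[1:] or ["*"]
        for client in clients:
            m = CLIENT_RE.match(client)
            if not m:
                continue
            # "(rw)" separated from its host by a space applies to everyone.
            host = m.group(1) or "*"
            opts = set(filter(None, (m.group(2) or "").split(",")))
            yield path, host, opts

def audit(text):
    """Return (path, host, finding) tuples for risky export settings."""
    findings = []
    for path, host, opts in parse_exports(text):
        if "no_root_squash" in opts:
            findings.append((path, host, "root is not squashed"))
        if "insecure" in opts:
            findings.append((path, host, "source ports above 1024 accepted"))
        if "rw" in opts and host == "*":
            findings.append((path, host, "writable by any host"))
    return findings

if __name__ == "__main__":
    for path, host, finding in audit(SAMPLE_EXPORTS):
        print(f"{path:12} {host:28} {finding}")
```

The last sample line shows the classic whitespace mistake: the space before `(rw,sync)` gives the named client the default options and grants read-write access to every other host.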

Footprinting

When footprinting NFS, the TCP ports 111 and 2049 are essential.

sudo nmap <IP> -p111,2049 -sV -sC

The rpcinfo NSE script retrieves a list of all currently running RPC services, their names and descriptions, and the ports they use.

sudo nmap --script "nfs*" <IP> -sV -p111,2049
showmount -e <IP> # List available shares
# Mounting a share
mkdir nfsmount
sudo mount -t nfs <IP>:/ ./nfsmount -o nolock
ls -l ./nfsmount # List contents with usernames & group names
ls -n ./nfsmount # List contents with UIDs & GIDs
# Unmounting
cd ..
sudo umount ./nfsmount
