Staphysec
  • StaphySec
  • Resources
  • Tricks
  • Brute Force - CheatSheet
  • File Transfer
    • Windows File Transfer
    • Linux File Transfer
    • HTTP/SMB/Nginx/Web Servers/Netcat
  • Hashcat
  • Cheatsheet
  • Curl
  • Tools
    • Cracking
    • Information Gathering
    • XSS
    • Obfuscation
    • Credentials Theft/ Win
    • Content Management Systems (CMS)
  • Programming and Scripting
    • Virtualenv & Switching Versions
    • Python
  • SHELLS
    • Shells (Linux, Windows, Msfvenom)
  • Linux
    • CheatSheet
    • EOP Linux Tools and Resources
    • Blogs
  • Windows
    • CheatSheet
    • EOP Windows Tools and Resources
    • Useful commands and Modules
    • Active Directory
      • Tools
  • Blogs
    • Miscellaneous resources
  • PENTESTING
    • 21 - Pentesting FTP
    • 22 - Pentesting SSH
    • 25,465,587 - Pentesting SMTP
    • 53 - Pentesting DNS
    • 110,995 - Pentesting POP
    • 135 - Pentesting WMI
    • 139,445 - SMB Pentesting
    • 143,993 - Pentesting IMAP
    • 161,162,10161,10162/udp - Pentesting SNMP
    • 623/UDP/TCP - IPMI
    • 1433 - Pentesting mssql
    • 2049 - NFS Pentesting
    • 3306 - Pentesting Mysql
    • 3389 - Pentesting RDP
    • 5985,5986 - WinRm
  • Pentesting Web
    • SQL Injections
      • MySQL injection
      • SQLmap Cheatsheet
    • Command injections
    • File Uploads
    • Abusing Intermediary Applications
    • HTTP Verb Tampering
    • IDOR
    • File Inclusion / Directory Traversal
    • XXE - XEE - XML External Entity
    • SSRF
    • SSI/ESI
    • SSTI (Server Side Template Injection)
    • XSLT Server Side Injection (Extensible Stylesheet Languaje Transformations)
Powered by GitBook
On this page
  1. PENTESTING

2049 - NFS Pentesting

Network File System (NFS)

Previous1433 - Pentesting mssqlNext3306 - Pentesting Mysql

Last updated 3 years ago

Network File System (NFS) is a network file system developed by Sun Microsystems and has the same purpose as SMB.

The /etc/exports file contains a table of physical filesystems on an NFS server accessible by the clients

cat /etc/exports
rw	#Read and write permissions.
ro	#Read only permissions.
sync	#Synchronous data transfer. (A bit slower)
async	#Asynchronous data transfer. (A bit faster)
secure	#Ports above 1024 will not be used.
insecure	#Ports above 1024 will be used.
no_subtree_check	#This option disables the checking of subdirectory trees.
root_squash	#Assigns all permissions to files of root UID/GID 0 to the UID/GID of anonymous.

Footprinting

When footprinting NFS, the TCP ports 111 and 2049 are essential.

sudo nmap <IP> -p111,2049 -sV -sC

The rpcinfo NSE script retrieves a list of all currently running RPC services, their names and descriptions, and the ports they use.

sudo nmap --script nfs* <IP> -sV -p111,2049
showmount -e <IP> # list available shares
# Mounting a share
mkdir nfsmoount
mount -t nfs <IP>:/ ./nfsmount -o nolock
ls -l /nfsmount # List Contents with Usernames & Group Names
ls -n /nfsmount # List Contents with UIDs & GUIDs
#UNMOUNTING
cd .. 
unmount ./nfsmount
Hacktricks