111/2049 ~ RPC/NFS

https://docs.google.com/document/d/13mnzNxvA7lA7jO0Ptrek5hgUB0KoH1ZdRgK0-N7M9fo/edit?tab=t.0

1. Network File System (NFS)

1.1 nmap

$ nmap -sV -p 2049 -n -Pn <target>

$ find /usr/share/nmap -path *.nse 2>/dev/null | grep nfs
/usr/share/nmap/scripts/nfs-statfs.nse
/usr/share/nmap/scripts/nfs-ls.nse
/usr/share/nmap/scripts/nfs-showmount.nse

# eg.
$ nmap --script=nfs-showmount.nse <target>

1.2 showmount

To query the mount daemon on a remote host for information about the state of an NFS server on that machine

showmount(8): mount info for NFS server - Linux man pagelinux.die.net

$ showmount -a <target>

-a: List both the client hostname or IP address and mounted directory in host:dir format. This info should not be considered reliable.

$ showmount -e <target>

-e: Show the NFS server's export list

1.3 mount

To mount a filesystem

mount(8): mount filesystem - Linux man pagelinux.die.net

$ sudo apt get install nfs-common
$ sudo mount -t nfs <target>:<dir> <local_dir>

# eg. 
$ mkdir /tmp/mount/dir
$ sudo mount -t nfs x.x.x.x:/mount/dir /tmp/mount/dir

Specify to use version 2 of NFS, which doesn't require any authentication:

$ sudo mount -t nfs -o vers=2 ...

2. Remote Procedure Call (RPC)

2.1 rpcinfo

Makes an RPC call to an RPC server and reports the status

rpcinfo(8) - Linux manual pageman7.org

$ rpcinfo -p <target>

-p: indicate to probe rpcbind

2.2 nmap

$ nmap -sV -p 111 --script=rpcinfo.nse <target>

Previous110 ~ POP3 Next139/445 ~ SMB

Last updated 3 months ago