111/2049 ~ RPC/NFS

https://docs.google.com/document/d/13mnzNxvA7lA7jO0Ptrek5hgUB0KoH1ZdRgK0-N7M9fo/edit?tab=t.0

1. Network File System (NFS)

1.1 nmap

$ nmap -sV -p 2049 -n -Pn <target>
$ find /usr/share/nmap -path '*.nse' 2>/dev/null | grep nfs
/usr/share/nmap/scripts/nfs-statfs.nse
/usr/share/nmap/scripts/nfs-ls.nse
/usr/share/nmap/scripts/nfs-showmount.nse

# eg.
$ nmap --script=nfs-showmount.nse <target>

1.2 showmount

Queries the mount daemon on a remote host for information about the state of the NFS server on that machine.

$ showmount -a <target>
  • -a: List both the client hostname or IP address and mounted directory in host:dir format. This info should not be considered reliable.

$ showmount -e <target>
  • -e: Show the NFS server's export list
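
For auditing a server you administer, the added example below (not part of the original notes) parses `showmount -e` output and lists the exports that any client may mount. The function name `open_exports` and the sample output are constructed for illustration; export paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: flag NFS exports with no client restriction.
# Usage on a real server:  showmount -e <target> | open_exports
# Prints one "path<TAB>clients" line per export open to every client.
open_exports() {
    awk '
        /^Export list for / { next }   # skip the header line
        NF == 0 { next }               # skip blank lines
        {
            path = $1
            clients = ""
            for (i = 2; i <= NF; i++)
                clients = clients (i > 2 ? " " : "") $i
            n = split(clients, list, /[ ,]+/)
            open = (clients == "")     # no client list at all
            for (i = 1; i <= n; i++)
                if (list[i] == "*" || list[i] == "(everyone)" || list[i] == "0.0.0.0/0")
                    open = 1
            if (open)
                printf "%s\t%s\n", path, (clients == "" ? "-" : clients)
        }
    '
}

# Constructed sample of `showmount -e` output (documentation addresses).
SAMPLE_OUTPUT='Export list for 192.0.2.10:
/srv/public   *
/srv/home     192.0.2.0/24
/srv/backup   (everyone)
/srv/build    192.0.2.21,192.0.2.22'

printf '%s\n' "$SAMPLE_OUTPUT" | open_exports
```

Exports reported here should be restricted to named hosts or subnets in the server's export configuration.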

1.3 mount

To mount a filesystem:

$ sudo apt-get install nfs-common
$ sudo mount -t nfs <target>:<dir> <local_dir>

# eg.
$ mkdir -p /tmp/mount/dir
$ sudo mount -t nfs x.x.x.x:/mount/dir /tmp/mount/dir

To force NFS version 2, which doesn't require any authentication:

$ sudo mount -t nfs -o vers=2 ...

2. Remote Procedure Call (RPC)

2.1 rpcinfo

Makes an RPC call to an RPC server and reports the status.

$ rpcinfo -p <target>
  • -p: Probe rpcbind on the host and list the registered RPC programs

2.2 nmap

$ nmap -sV -p 111 --script=rpcinfo.nse <target>
