NFS (2049, 111)

Nmap

nmap 10.129.14.128 -p111,2049 -sV -sC
nmap --script nfs* 10.129.14.128 -sV -p111,2049
[Apr 05, 2024 - 02:07:39 (EDT)] exegol-CPTS /workspace # locate -r nse$|grep nfs
/usr/share/nmap/scripts/nfs-ls.nse
/usr/share/nmap/scripts/nfs-showmount.nse
/usr/share/nmap/scripts/nfs-statfs.nse

Dangerous settings

| Option | Description |
| --- | --- |
| rw | Read and write permissions. |
| insecure | Ports above 1024 will be used: the server accepts requests from unprivileged client source ports. |
| nohide | If another file system was mounted below an exported directory, this directory is exported by its own exports entry. |
| no_root_squash | All files created by root are kept with the UID/GID 0. |
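To check a server for the options in the table above, the following added example (not part of the original page) parses `/etc/exports` text and reports which of those four options are still in effect per client. The sample exports content, host names and function names are constructed for illustration; quoted paths containing spaces are not handled.

```python
import re

# Options from the page's "Dangerous settings" table.
RISKY = {"rw", "insecure", "nohide", "no_root_squash"}
# Options that switch a risky one back off when they appear later in the list.
OPPOSITE = {"ro": "rw", "secure": "insecure", "hide": "nohide",
            "root_squash": "no_root_squash"}
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")  # host(opt,opt,...)

def parse_exports(text):
    """Yield (path, client, options) for every client on every export line."""
    text = text.replace("\\\n", " ")            # join continuation lines
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if not fields:
            continue
        path, defaults = fields[0], []
        for field in fields[1:]:
            match = CLIENT_RE.match(field)
            if field.startswith("-"):           # "-opt,opt": defaults for later clients
                defaults = field[1:].split(",")
            elif match:
                own = [o for o in (match.group(2) or "").split(",") if o]
                yield path, match.group(1) or "<any host>", defaults + own

def audit(text):
    """Return (path, client, option) for each risky option still in effect."""
    findings = []
    for path, client, opts in parse_exports(text):
        active = set()
        for opt in opts:                        # later options override earlier ones
            if opt in RISKY:
                active.add(opt)
            elif opt in OPPOSITE:
                active.discard(OPPOSITE[opt])
        findings += [(path, client, opt) for opt in sorted(active)]
    return findings

# Constructed sample /etc/exports (hosts and paths are made up for the example).
SAMPLE = """\
/mnt/nfs  10.129.14.0/24(rw,sync,no_root_squash)   # both flags reported
/srv/www  -sync,rw server @external(ro)            # ro overrides the default rw
/var/nfs  *(ro,insecure,nohide) \\
          backup01(rw,root_squash)
/home     10.0.0.5(ro,sync)
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On a real server, pass the contents of `/etc/exports` to `audit()` instead of `SAMPLE`.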

Available NFS Shares

$ showmount -e 10.129.14.128

Export list for 10.129.14.128:
/mnt/nfs 10.129.14.0/24

NXC

nxc nfs [IP] --shares
nxc nfs [IP] --enum-shares

NFS Security Tooling

Mounting NFS share

$ mkdir target-NFS
$ sudo mount -t nfs 10.129.14.128:/ ./target-NFS/ -o nolock
$ cd target-NFS
$ tree .

.
└── mnt
    └── nfs
        ├── id_rsa
        ├── id_rsa.pub
        └── nfs.share

2 directories, 3 files

/!\ Does not work under Exegol; works on Ubuntu:

osboxes@osboxes:~/Desktop$ sudo apt-get install nfs-common
osboxes@osboxes:~/Desktop$ sudo mount -t nfs 10.129.202.5:/ ./target-NFS/
osboxes@osboxes:~/Desktop$ tree target-NFS/
target-NFS/
├── mnt
│   └── nfsshare
│       └── flag.txt
└── var
    └── nfs
        └── flag.txt

5 directories, 2 files

Unmounting

0xss0rz@htb[/htb]$ cd ..
0xss0rz@htb[/htb]$ sudo umount ./target-NFS

If "Device is busy": sudo umount -l ./Desktop/target-NFS

Upload / Download File with NetExec

NetExec nfs <ip> --get-file /home/user/Desktop/test/test.txt test.txt
NetExec nfs <ip> --put-file test2.txt /home/user/Desktop/

NFS Data Extraction

Network Attacks
