NFS (Network File System) Pentesting
Last modified: 2022-12-25
Network
NFS is a distributed file system protocol that allows a user on a client computer to access files over a computer network much like local storage is accessed. Default ports are 111, 2049.
Enumeration
nmap --script=nfs-ls,nfs-statfs,nfs-showmount -p 111,2049 <target-ip>
Mounting Folders
1. Check if there are folders avaiable to mount in remote machine.
showmount -e <target-ip>
By the way, If you get error "showmount: command not found", install "nft-common".
apt-cache search showmount
sudo apt install nfs-common
2. Mount to local folder
If we find a folder available, we can mount it to local folder.
Create a new folder under /mnt.
sudo mkdir /mnt/test
Now mount a folder.
# -t: Type
# -o nolock: Option. 'nolock' disables file locking. It's required for older NFS servers.
sudo mount -t nfs <target-ip>:/target/dir /mnt/test -o nolock
# -o vers=2:
sudo mount -t nfs <target-ip>:/target/dir /mnt/test -o nolock -o vers=2
3. Confirm mounting successfully
ls /mnt/test
4. Clean up the mounted folder after investigation
sudo umount /mnt/test
sudo rm -r /mnt/test