Skip to content

NFS - 111 or 2049

  • TCP ports 111 and 2049
  • Once we find an NFS share, we can mount it to our own machine
  • Network File System developed by Sun Microsystems - same purpose as SMB
  • Usually used bw Linux/Unix
  • NFS clients cannot directly communicate with SMB servers
  • based on ONC-RPC/SUN-RPC and uses XDR - on PORT 111 - using TCP or UDP
  • NFS does not authenticate or authorize.
  • Authentication shifted to RPC protocol ke options.
  • Authorization derived from the available file system info

Default Config:

  • cat /etc/exports
  • file contains a table of physical filesystems on an NFS server accessible by the clients.
  • The default exports file also contains some examples of configuring NFS shares.
  • First, the folder is specified and made available to others.
  • Then the rights they will have on this NFS share are connected to a host or a subnet.
  • Finally, additional options can be added to the hosts or subnets.

Dangerous Settings:

Commands:

  • showmount -e 10.129.14.128 - List all NFS Shares
  • Mounting an NFS Share:
  • mkdir target-NFS
  • sudo mount -t nfs 10.129.14.128:/ ./target-NFS/ -o nolock
  • cd target-nfs
  • Unmounting:
  • sudo umount ./target-NFS
  • It is important to note that if the root_squash option is set, we cannot edit the files in the NFS Share even as root.
  • Escalating:

Creating an Entry:

  • echo '/mnt/nfs 10.129.14.0/24(sync,no_subtree_check)' >> /etc/exports
  • allows access to /mnt/nfs over the subnet 10.129.14.0/24
  • systemctl restart nfs-kernel-server
  • exportfs
  • shows what folder is allowed access from which subnet