NFS 2049
NFS Enumeration and Scanning (Port 2049)
Step 1: Define the Target IP
Replace <target_ip> with the actual IP address of the target.
# Define the target IP
export TARGET_IP="192.168.1.100"Step 2: Perform an Nmap Scan for NFS Services
Basic Scan
nmap -p 2049 -sV --script nfs-* <target_ip>Explanation:
-p 2049: Specifies the NFS port.-sV: Detects the service version.--script nfs-*: Runs Nmap scripts related to NFS.
Advanced Scan
nmap -p 2049 --script nfs-ls,nfs-statfs,nfs-showmount <target_ip>Explanation:
nfs-ls: Lists files and directories exported by the NFS server.nfs-statfs: Shows file system statistics of the exported shares.nfs-showmount: Displays exported shares.
Step 3: Enumerate NFS Shares Using showmount
Install
nfs-common(if not already installed):sudo apt install nfs-commonEnumerate NFS exports:
showmount -e <target_ip>
Explanation:
-e: Lists the exported file systems.
Step 4: Mount the NFS Share
Create a directory to mount the share:
mkdir /mnt/nfsMount the NFS share (replace
<exported_share>with the actual share name):sudo mount -t nfs <target_ip>:<exported_share> /mnt/nfsAccess the mounted directory:
cd /mnt/nfs ls -laUnmount the share after enumeration:
sudo umount /mnt/nfs
Step 5: Enumerate Using Metasploit
Launch Metasploit:
msfconsoleUse the NFS client auxiliary module:
use auxiliary/scanner/nfs/nfsmount set RHOSTS <target_ip> runUse the NFS showmount module:
use auxiliary/scanner/nfs/showmount set RHOSTS <target_ip> run
Additional Tools for NFS Enumeration
Enum4Linux-ng
Clone the Enum4Linux-ng repository:
git clone https://github.com/cddmp/enum4linux-ng.git cd enum4linux-ngRun Enum4Linux-ng for NFS enumeration:
python3 enum4linux-ng.py -M nfs <target_ip>
rpcclient
Enumerate NFS RPC services:
rpcinfo -p <target_ip>
Notes
Ensure proper permissions to mount NFS shares.
Look for sensitive files in mounted shares.
Check for misconfigurations such as world-writable exports or root access.
Last updated