2049 - NFS
NFS security is partially based on the remote user mounting the filesystem having the same UID (User ID) and GID (Group ID) as the owner of that share.
We can find a NFS share if we query port 111 (RPC)
NFS security is partially based on the remote user mounting the filesystem having the same UID (User ID) and GID (Group ID) as the owner of that share. Restrictions can also be placed into the /etc/hosts.allow and /etc/hosts.deny files, but we won’t go into that here. Suffice to say, using the UID and GID as a basis for security isn’t the best way of doing it.
Show shares:
showmount -e {IP Address}
Mount a share:
Don't forget to create the share you mounting to (/mnt/nfs)...
mount {IP Address}:/vol/share /mnt/nfs -nolock nfsserver=3
Example:
root@kali:~# mount -t nfs 192.168.0.42:/var/nfs /mnt/test1 -o nolock
*Mount Windows CIFS / SMB share on Linux at /mnt/cifs if you remove password it will prompt on the CLI (more secure as it wont end up in bash_history)
Using username and password:
mount -t cifs -o ro,domain=[domain],username=[username],password=[password],sec=ntlmv2 //hostnameOrIP/Share /path/to/localdir
Example:
mount -t cifs nfsserver=3 -o username=user,password=pass,domain=blah //192.168.1.X/share-name /mnt/cifs
Unmount
root@kali:~# umount -f -l /mnt/test1
UID/GID Manipulation
Can use nfsshell or use bash
Add new user with the following commands:
Now we can create ssh keys (ssh-keygen) and able copy the ssh key to the nfs share:
cat ~/.ssh/id_rsa.pub >> /mnt/peter/.ssh/authorized_keys
Nfsshell
Nfsshell is useful for accessing NFS shares without having to create users with the same UID/GID pair as the target exported filesystem
Example:
Shell
We can obtain a shell via running the following code:
Last updated
Was this helpful?