NFS 2049

1. `rpcinfo` for NFS Enumeration:

List RPC services running on a target (port 111, commonly used by NFS):
```
rpcinfo -p 10.10.10.10
```

Display all mountable shares on the target NFS server:
```
showmount -e 10.10.10.10
```
Display the connected hosts to the NFS server:
```
showmount 10.10.10.10
```
List directories shared via NFS:
```
showmount -d 10.10.10.10
```
List all mount points on the NFS server:
```
showmount -a 10.10.10.10
```

3. Metasploit NFS Auxiliary Scanner:

Use Metasploit NFS Mount scanner:

msfconsole
msf> use auxiliary/scanner/nfs/nfsmount

4. Potential Exploitation:

If you identify a share that is misconfigured (e.g., the NFS export is mounted with rw,no_root_squash), you might be able to upload and execute a malicious shell.

Check for NFS shares with rw,no_root_squash: If the exported share allows read/write access (rw) and disables root squashing (no_root_squash), you can escalate privileges to the root user on the target system.
Create a malicious shell and change ownership:
```
chown root:root sid-shell
chmod +s sid-shell
```

PreviousOracle Listener 1521 1522 1529 NextMySql 3306

Last updated 27 days ago

1. rpcinfo for NFS Enumeration:

2. showmount for NFS Share Discovery:

3. Metasploit NFS Auxiliary Scanner:

4. Potential Exploitation:

1. `rpcinfo` for NFS Enumeration:

2. `showmount` for NFS Share Discovery: