RPC 111

nc -nv 10.11.1.72 111

The portmapper sends no banner, so a successful connect only confirms that TCP 111 is open. Use rpcinfo or Nmap's rpcinfo script to learn which RPC programs are registered behind it.

Using Nmap for RPC Enumeration

Scan with NFS Scripts (nfs-ls, nfs-showmount, nfs-statfs; they locate mountd via the portmapper):

nmap -sV --script="nfs-*" 192.168.101.130

Quote the glob so the shell does not expand it against files in the current directory.

SYN and UDP Scan of Port 111 with Default Scripts (the portmapper listens on both TCP and UDP 111; -sS and -sU need root):

sudo nmap -sSUC -p 111 10.10.10.10

Scan Range for Port 111:

nmap -v -p 111 10.11.1.1-254

RPC Info Script Scan:

nmap -sV -p 111 --script=rpcinfo 10.11.1.1-254

Querying rpcbind with rpcinfo

rpcbind is the portmapper daemon itself (the service listening on 111); it has no client-side query option, so list what it has registered with rpcinfo:

rpcinfo -p 192.168.101.130

The output maps each RPC program number and version to its protocol and port. Look for mountd and nfs in particular: mountd usually sits on a dynamically assigned port that a plain port scan will not label. If -p fails because the target only speaks rpcbind v3/v4, query it without -p:

rpcinfo 192.168.101.130
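The rpcinfo listing is most useful once it has been turned into target ports. The script below is an added example, not code from the original page: it parses `rpcinfo -p` output (a constructed sample is embedded), pulls out the ports of the NFS-related programs and builds the port list for a follow-up `nmap -sV` against the dynamically assigned mountd and nlockmgr ports. The host and port numbers in the sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): parse `rpcinfo -p <host>` output
# to find the ports of the NFS-related RPC programs so that mountd and nfs can
# be targeted directly, even when they sit on dynamically assigned ports.

# Constructed sample of `rpcinfo -p` output; the ports are illustrative only.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   udp    111  portmapper
    100005    1   udp  45915  mountd
    100005    3   tcp  38263  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   udp  47832  nlockmgr
    100021    4   tcp  34597  nlockmgr'

# rpc_ports TEXT SERVICE [PROTO]: unique, space-separated ports that SERVICE is
# registered on in TEXT, optionally restricted to tcp or udp. Field 5 of each
# data line is the service name, field 3 the protocol, field 4 the port.
rpc_ports() {
    printf '%s\n' "$1" | awk -v svc="$2" -v proto="${3:-}" '
        NR > 1 && $5 == svc && (proto == "" || $3 == proto) { print $4 }
    ' | sort -un | xargs
}

# nfs_ports TEXT: comma-separated TCP ports of mountd/nfs/nlockmgr, ready for
# an nmap -p follow-up against the services the first scan could not label.
nfs_ports() {
    for svc in mountd nfs nlockmgr; do
        rpc_ports "$1" "$svc" tcp
    done | tr ' ' '\n' | grep . | sort -un | paste -sd, -
}

# nfs_summary TEXT: one line per NFS-related program with its tcp/udp ports.
nfs_summary() {
    for svc in portmapper mountd nfs nlockmgr; do
        printf '%s tcp=[%s] udp=[%s]\n' "$svc" \
            "$(rpc_ports "$1" "$svc" tcp)" "$(rpc_ports "$1" "$svc" udp)"
    done
}

# Demo against the constructed sample. For a live host run:
#   out=$(rpcinfo -p 192.168.101.130); nfs_summary "$out"
#   nmap -sV -p "$(nfs_ports "$out")" 192.168.101.130
nfs_summary "$SAMPLE_RPCINFO"
printf 'nmap -sV -p %s <host>\n' "$(nfs_ports "$SAMPLE_RPCINFO")"
```

Feeding the real `rpcinfo -p` output into `nfs_ports` gives the exact high ports to version-scan, which matters because mountd and nlockmgr move between reboots and an unlabelled open port in the first scan is easy to overlook.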

Null Session Access with rpcclient

rpcclient speaks MS-RPC over SMB (ports 139/445), not SunRPC on port 111, so this is Windows/Samba enumeration rather than portmapper enumeration; it is listed here because both go by "RPC". Try a null session (empty username, -N suppresses the password prompt):

rpcclient -U "" -N 10.11.1.5

If the connection succeeds, try these commands:

srvinfo
enumdomusers
enumprivs
enumalsgroups domain
lookupnames administrators
querydominfo
queryuser redcliff

redcliff stands for a username taken from the enumdomusers output; substitute one from the target.

Mount NFS Shares

Show NFS Shares (talks to mountd, so it needs the portmapper to be reachable):

showmount -e 10.10.10.10

Mount NFS Share (example):

sudo mkdir -p ~/home
sudo mount -o nolock 10.10.10.10:/home ~/home
cd ~/home && ls -la

nolock skips the NFS lock manager (nlockmgr), so the mount works even when that service is filtered. NFS trusts the uid presented by the client: a file owned by an unusual uid can be read by creating a local user with the same uid, and if the export is configured with no_root_squash anything root writes to the share keeps root ownership on the server.
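Putting the showmount and mount steps together, the script below is an added example, not code from the original page. It parses `showmount -e` output (a constructed sample is embedded), picks out the exports that are open to any client, mounts each one read-only with nolock under ~/nfs/<host>, and lists uids and SUID files so uid mismatches and a no_root_squash export stand out. The host, export paths and client lists in the sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): parse `showmount -e` output, pick
# the exports open to any client, and mount them read-only under ~/nfs/<host>
# for triage. Host, export list and paths are assumed for illustration.

# Constructed sample of `showmount -e 10.10.10.10` output.
SAMPLE_SHOWMOUNT='Export list for 10.10.10.10:
/home         *
/srv/backup   10.10.10.0/24
/var/www      (everyone)'

# all_exports TEXT: every exported path, one per line (first column after the header).
all_exports() {
    printf '%s\n' "$1" | awk 'NR > 1 { print $1 }'
}

# open_exports TEXT: only the exports whose client list admits any host, which
# are the ones a tester can mount without spoofing a source address.
open_exports() {
    printf '%s\n' "$1" | awk 'NR > 1 && ($2 == "*" || $2 == "(everyone)") { print $1 }'
}

# mount_export HOST PATH: read-only mount with nolock (no nlockmgr required) and
# a short soft timeout so an unreachable export does not hang the shell.
mount_export() {
    host=$1; path=$2; dir="$HOME/nfs/$host$path"
    sudo mkdir -p "$dir"
    sudo mount -t nfs -o ro,nolock,soft,timeo=30 "$host:$path" "$dir"
}

# triage HOST: mount every open export, then list numeric uids and SUID files.
# A file owned by an unusual uid can be read by creating a local user with that
# uid; a SUID root binary on the export points at a no_root_squash configuration.
triage() {
    host=$1
    exports=$(showmount -e "$host")
    open_exports "$exports" | while read -r path; do
        mount_export "$host" "$path" || continue
        dir="$HOME/nfs/$host$path"
        echo "== $host:$path mounted at $dir"
        ls -lan "$dir"
        find "$dir" -type f -perm -4000 2>/dev/null
    done
}

# Live use: ./nfs_triage.sh 10.10.10.10 (no network access when run without arguments).
if [ $# -eq 1 ]; then
    triage "$1"
fi
```

Exports restricted to a subnet still show up in `all_exports`; those are worth noting for later, since the restriction is only on the client's source address and a foothold inside that network makes them mountable too.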
