NFS & RPC

Last updated 5 years ago

Was this helpful?

NFS & RPC

Remote Procedure Call - designed to allow computers to run tasks on each other

[135,msrpc]

Links

nmap -T4 -n -Pn -sV --version-all -p 135 --script="(default or vuln or exploit) and not (brute or dos or external)" 10.11.1.5 nmap -T4 -n -Pn -sV --version-all -p {port} --script="msrpc-enum,rpc-grind, rpcinfo, freevulnsearch" {ip}

rpcclient --user="" --command=enumprivs -N $ip

rpcclient -p 135 -U "" 10.11.1.5

rpc -N -U "" 10.11.1.5

[RPC - Port 111]

rpcinfo -p 192.x.x.x

nmap -sV --script=nfs-ls 192.168.44.133

nmap --script="freevulnsearch,rpc-grind,rpcinfo,default" 192.168.100.131 -p 111

Connect to an RPC share without a username and password and enumerate privledges

rpcclient --user="" --command=enumprivs -N $ip

Connect to an RPC share with a username and enumerate privledges

rpcclient --user="<Username>" --command=enumprivs $ip

Copy bash to a new subshell

mount a NFS share from a remote server, copy bash from local to remote and execute
cp -p ./bash /mnt/share/newbash
./newbash -p

[NFS - PORT 2049]

All NFS scripts [ls,showmount and statfs]

nmap -sT -sU -sV [-p 111,2049] --script="nfs-*" 192.168.1.100 nmap {nmap_extra} -sV -p {port} --script="(rpcinfo or nfs*) and not (brute or broadcast or dos or external or fuzzer)"

nmap -sV --script=nfs-ls 192.168.44.133 - same result as rpcinfo showmount -e 192.168.100.131 - Shows available exports from the given host. rpcinfo -p 192.168.100.131

If you see any NFS related ACL port open

see /etc/exports

2049/tcp nfs_acl

/etc/exports: the access control list for filesystems which may be exported to NFS clients.

Mount Windows CIFS / SMB share on Linux at /mnt/cifs if you remove password it will prompt on the CLI (more secure as it wont end up in bash_history)

net use Z: \\win-server\share password
/user:domain\janedoe /savecred /p:no

Mount a Windows share on Windows from the command line

apt-get install smb4k -y

Mounting File Shares

How to mount NFS / CIFS, Windows and Linux file shares.

sudo apt install nfs-common mount -t nfs 192.168.100.131:/ /mnt/nfs -o nolock mount -t nfs -o vers=2 10.10.10.127:/home /mnt

Ippsec fortune video

Check to see if package cifs-utils is installed:

dpkg -l cifs-utils sudo apt install cifs-utils mount -t cifs -o username=user,password=pass,domain=blah ////192.168.1.X//share-name /mnt/cifs mount -t cifs -o rw,guest "//host/share" /mnt/localdir how to mount a samba share anonymously

PreviousSSH

Last updated 5 years ago

Was this helpful?

Remote Procedure Call - designed to allow computers to run tasks on each other

[135,msrpc]

Links

rpcclient --user="" --command=enumprivs -N $ip

rpcclient -p 135 -U "" 10.11.1.5

rpc -N -U "" 10.11.1.5

[RPC - Port 111]

rpcinfo -p 192.x.x.x

nmap -sV --script=nfs-ls 192.168.44.133

nmap --script="freevulnsearch,rpc-grind,rpcinfo,default" 192.168.100.131 -p 111

Connect to an RPC share without a username and password and enumerate privledges

rpcclient --user="" --command=enumprivs -N $ip

Connect to an RPC share with a username and enumerate privledges

rpcclient --user="<Username>" --command=enumprivs $ip

Copy bash to a new subshell

mount a NFS share from a remote server, copy bash from local to remote and execute
cp -p ./bash /mnt/share/newbash
./newbash -p

[NFS - PORT 2049]

All NFS scripts [ls,showmount and statfs]

nmap -sT -sU -sV [-p 111,2049] --script="nfs-*" 192.168.1.100 nmap {nmap_extra} -sV -p {port} --script="(rpcinfo or nfs*) and not (brute or broadcast or dos or external or fuzzer)"

nmap -sV --script=nfs-ls 192.168.44.133 - same result as rpcinfo showmount -e 192.168.100.131 - Shows available exports from the given host. rpcinfo -p 192.168.100.131

If you see any NFS related ACL port open

see /etc/exports

2049/tcp nfs_acl

/etc/exports: the access control list for filesystems which may be exported to NFS clients.

Mount Windows CIFS / SMB share on Linux at /mnt/cifs if you remove password it will prompt on the CLI (more secure as it wont end up in bash_history)

net use Z: \\win-server\share password
/user:domain\janedoe /savecred /p:no

Mount a Windows share on Windows from the command line

apt-get install smb4k -y

READ:

See root squashing

Mounting File Shares

How to mount NFS / CIFS, Windows and Linux file shares.

sudo apt install nfs-common mount -t nfs 192.168.100.131:/ /mnt/nfs -o nolock mount -t nfs -o vers=2 10.10.10.127:/home /mnt

Ippsec fortune video

Check to see if package cifs-utils is installed: