# NFS Enumeration

The Network File System (NFS) is a distributed file system protocol that allows
clients in a network to access and interact with files and directories on
remote servers as if they were local. Developed by Sun Microsystems in the
1980s, NFS is designed to enable efficient sharing and management of files
across different operating systems and platforms.

NFS operates based on a client-server model, where the client is the system
that requests access to files or directories, and the server is the system that
holds and manages these resources. The NFS protocol defines a set of operations
that clients can use to perform file-related tasks, such as reading, writing,
creating, deleting, and listing files and directories.

## Find NFS Shares on the Network

NFS provides a level of transparency to the user and applications. Remote files
and directories are accessed just like local ones, with no need for the user to
be aware of the underlying network communication. You just have to find the shares.

You can look for NFS mounts on a network using the following command:

```sh
rpcinfo -p $TARGET_IP
```

Alternatively, use:

```sh
showmount -e $TARGET_IP
```

## Mount NFS Shares

Clients can "mount" remote directories onto their local file system, making the
remote files and directories appear as if they are part of the client's own
file system hierarchy.

Mount a share via the following command:

```sh
mkdir /tmp/nfsfiles
mount -t nfs -o nolock $TARGET_IP: /tmp/nfsfiles
```

## User ID

The mounted share keeps the same user permissions as on the original machine you connected to.
That means you may need to create a local user with the same uid or the same gid to get permission to open a directory.

If the permissions of a directory inside the mounted NFS share are set for uid 1003, it would look like the following example:

```sh
sudo useradd nfsuser -u 1003 -m -s /bin/bash
```
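
The uid matching above works because, with the default `sec=sys` security flavor, an NFS server accepts the uid and gid the client sends. As an added example (not part of the original page), the script below audits an exports(5) file on the server for entries that allow this; it assumes Linux nfs-utils syntax, and `audit_exports`, `sample_exports`, the finding labels and the sample file are constructed for the illustration.

```shell
#!/bin/sh
# Added example: flag exports(5) entries that let a client-chosen uid/gid through.
# Usage on an NFS server: audit_exports < /etc/exports

audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
    {
        sub(/[ \t]*#.*/, "")                  # drop trailing comment
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                      # split "client(opt,opt,...)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"    # bare "(opts)" means any host
            o = "," opts ","
            # sec=sys is the default flavor when no sec= option is given
            authsys = (o !~ /,sec=/ || o ~ /,sec=[^,]*sys/)
            if (client == "*")
                print path, client, "any-host"
            if (o ~ /,no_root_squash,/)
                print path, client, "no_root_squash"
            if (authsys && o !~ /,all_squash,/)
                print path, client, "trusts-client-uid"
        }
    }'
}

# Constructed sample input, not taken from any real server.
sample_exports() {
    cat <<'EOF'
# /etc/exports (constructed sample)
/srv/home    *(rw,sync,no_root_squash)
/srv/backup  10.0.0.0/24(rw,sync)
/srv/pub     *(ro,all_squash)
/srv/secure  10.0.0.5(rw,sec=krb5p)
EOF
}

sample_exports | audit_exports
```

Entries that print nothing either squash every uid to the anonymous user (`all_squash`) or require Kerberos (`sec=krb5*`), so a local account with a matching uid gains nothing on them.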