🔮
P4n1cBook
  • 🏴‍☠️Welcome!
    • 🔮P4n1cBook
    • 📚Bookmarks
    • 🚨Licence and Disclaimer
  • Fundamentals
    • Starter Kit
      • Linux
      • PowerShell
      • Git
      • 💾Regex
      • curl
      • tcpdump
      • Nmap
      • 🦈Wireshark
      • Metasploit
    • 🌐Network Protocols
      • ICMP
      • SSH
      • Telnet
      • DNS
      • FTP
      • HTTP/HTTPS
      • SMB
      • SNMP
      • SMTP
      • NFS
      • IPP
      • WinRM
      • LLMNR
    • Code
      • Python Essentials
      • C & C++
    • Web APIs
      • GraphQL
    • Shells/TTYs
    • Dorks
    • Cryptography
    • Reverse Engineering
      • GDB
      • Binaries
  • Web Exploitation
    • Web Enumeration
    • Web Fuzzing
      • ffuf
      • feroxbuster
      • Gobuster
      • GoWitness
    • Main Techniques
      • Arbitrary File Read
      • Session Hijacking
      • SSRF
      • Eval Injection
      • Template Manipulation
      • Path Traversal
      • Prototype Pollution
      • XXE
      • Deserialization
      • Log Poisoning
      • Command Injection
      • SQLi
        • SQLmap
      • Arbitrary File Upload
      • SSTI
      • LFI
      • XSS
    • Web Servers
      • Apache
      • Nginx
      • Werkzeug
    • Web Services/Frameworks
      • Wordpress
      • Laravel
      • Express
      • Magento
      • AIOHTTP
      • HashiCorp Vault
      • Tiny File Manager
      • Joomla
      • CMS Made Simple
      • 🌵Cacti
      • Tomcat
      • Zabbix
      • OpenNetAdmin
      • ImageMagick
    • Databases
      • MySQL
      • NoSQL
        • MongoDB
        • Redis
    • Java-based web application
      • pd4ml.jar
      • Struts
      • .WAR
      • JDWP
  • Cloud Exploitation
    • Kubernetes
    • AWS
  • Post Exploitation
    • File Transfer
      • Exfiltration
    • Credential Dumping
      • Thunderbird
    • Lateral Movement
    • Persistence
    • Linux Privilege Escalation
      • Static Binaries
      • Enumeration
      • Hijacks
      • Command Injection
      • Jailbreaks
      • Binary Exploitation - Linux
      • Kernel Exploits
      • Buffer Overflow - Linux
      • Docker
      • Abusing Wildcards
  • Wireless Exploitation
    • NFC
Powered by GitBook
On this page
Edit on GitHub
  1. Fundamentals
  2. Network Protocols

NFS

Network File System

PreviousSMTPNextIPP

Last updated 15 days ago

  • Mount shares in to your local system:

sudo mount 10.10.10.34:/var/nfsshare /mnt
Enumeration
Use nmap scripts
nmap -sV --script=nfs-ls 10.10.10.34

  • And the showmount command to list all the shares:

showmount -e 10.10.10.34

  • To look the configuration on the server side:

cat /etc/exports
Configuration

Access Options

  • rw: Allows clients to read from and write to the shared directory.

  • ro: Allows clients to only read from the shared directory.

Sync and Async Options

  • sync: Ensures all changes are written to disk before the NFS server responds to the client. This is safer but slower.

  • async: Allows the server to respond before data is written to disk. This improves performance but can lead to data loss if the server crashes.

User Mapping Options

  • root_squash: Maps root user requests from clients to the nfsnobody user (or equivalent) on the server, restricting root access.

  • no_root_squash: Grants root user on the client the same privileges as root on the server. Use with caution, as it can lead to security risks.

  • all_squash: Maps all client users (including root) to the nfsnobody user (or equivalent) on the server.

  • no_all_squash: Retains the original UID and GID of non-root users from the client on the server. This is the default.

  • anonuid=<UID>: Sets the UID of the anonymous user for all_squash or root_squash. Default is 65534 (nfsnobody).

  • anongid=<GID>: Sets the GID of the anonymous user. Default is 65534.

Security and Access Control

  • secure: Requires clients to use a privileged port (below 1024) for communication. This is the default.

  • insecure: Allows clients to connect from any port, including unprivileged ports (above 1024). Necessary for some client configurations.

  • no_subtree_check: Disables subtree checking. Recommended for shared directories where the export does not match the actual filesystem hierarchy, as it improves performance.

  • subtree_check: Enables subtree checking. Verifies that the requested file is within the exported tree. This is the default.

Performance Options

  • no_wdelay: Prevents the NFS server from delaying writes. Useful when multiple clients write to the same file simultaneously.

  • wdelay: Causes the server to delay writes slightly to optimize performance when multiple write requests arrive. This is the default.

Client Specification

  • <IP>: Specifies a single client IP (e.g., 10.10.10.1).

  • <subnet>: Specifies a subnet (e.g., 10.10.10.0/24).

  • *: Allows all clients to connect. Use cautiously as this is less secure.

  • <hostname>: Specifies a hostname for allowed clients.

🌐
LogoGitHub - NetDirect/nfsshell: Userspace NFS client shellGitHub