NFS Ports (111,2049)

nmap --script nfs-ls,nfs-showmount,nfs-statfs <IP>
showmount -e <IP>

# Metasploit
use auxiliary/scanner/nfs/nfsmount

In the example below nmap has identified /home/simon * as being mountable. The asterisk dictates any address can mount this file path.

To mount an export first create a directory on the attacking machine.

sudo mkdir /mount/

Then use the command below to mount to the directory just created.

sudo mount -t nfs <IP>:<PATH> /mount/ -o nolock

Running the command mount will list available mounted paths. Using grep we can filter for relevant paths.

mount <PATH>

Last updated 8 months ago