Enumerating and Exploiting Network File System (NFS)
NFS stands for Network File System, a frequently used network service that provides a distributed file system, allowing users on client machines to access data over a network. Think of it as your Google Drive account, where you create a folder shared with your friends and whatever file you upload there, they will have access to it. A Network File System, or NFS, is similar but used more professionally, and it is required for businesses to transfer data over a network. Any remote computer or device that connects to the network you’ll be using might access remote data and files.
All members of a network will have access to the same files, making file sharing more convenient. I won’t dig much more into the details, but if you are interested you can read more here about how it works and other technical details. NFS has some major disadvantages, and one of them is its security. The fact that NFS is built on RPCs, which are fundamentally unsafe and should only be used on a trusted network behind a firewall, is the first and greatest security risk. If NFS is not kept on such a network, it will be exposed to online attacks. In this article, I will focus more on how a network file system can be enumerated and exploited, following a tutorial from TryHackMe.
First, we will try to enumerate the network file system. Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system. In this phase, the attacker creates an active connection to the system and performs directed queries to gain more information about the target. The gathered information is used to identify the vulnerabilities or weak points in system security and tries to exploit in the System gaining phase. – Grey Campus
To enumerate NFS servers, I installed Ubuntu in VMware. Then, using the terminal, I installed nfs-common with the command below, since we will need it for more advanced enumeration of the file system.
"sudo apt install nfs-common"
The next step is to run a port scan, as this will help us learn as much as we can about the host machine, such as its open ports, services and OS.
"nmap -p- -A -sC -Pn [IP Address]"
This command runs a port scan using Nmap. Note that this process takes fairly long, as it runs a thorough scan, so bring a cup of coffee and sit tight. 🙂

The result is shown above; note that it shows all the open ports. In this case we will target port number 2049 (nfs_acl) to enumerate.

showmount -e [IP]
to see the name of the directory. Please ignore the failed attempt and note the command written above. In the next step I mounted the share to the local machine. I used
"mkdir /tmp/mount"
to create a directory on the machine, then used the mount command to mount the NFS share to the local machine. After navigating to the folder, a user’s home directory can be accessed.
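Seen from the server owner's side, the same "showmount -e" listing is a quick audit input. The following is an added example, not code from this article or the TryHackMe room: it parses that output and flags exports that any client can mount. The sample listing, the SENSITIVE path list, the severity labels and the treatment of "(everyone)" as equivalent to "*" are assumptions made for the illustration.

```python
import ipaddress

# Constructed `showmount -e` output for illustration (not from the article).
SAMPLE = """\
Export list for 192.0.2.10:
/home          *
/srv/backups   192.0.2.0/24,192.0.2.77
/srv/public    (everyone)
/var/scratch   0.0.0.0/0
/srv/team      *.corp.example
"""

SENSITIVE = ("/home", "/root", "/etc")  # assumed policy list, adjust per site

def parse_export_list(text):
    """Return [(path, [client, ...])] parsed from `showmount -e` output."""
    exports = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.lower().startswith("export list for"):
            continue
        # The client list is the last whitespace-separated field.
        parts = line.rsplit(None, 1)
        clients = parts[1].split(",") if len(parts) == 2 else []
        exports.append((parts[0], clients))
    return exports

def is_world_open(client):
    """True when a client entry matches every host."""
    if client in ("*", "(everyone)"):
        return True
    try:
        return ipaddress.ip_network(client, strict=False).prefixlen == 0
    except ValueError:
        return False  # hostname, netgroup or hostname wildcard

def audit(text):
    """Return [(path, severity)] for exports that need review."""
    findings = []
    for path, clients in parse_export_list(text):
        open_to_all = any(is_world_open(c) for c in clients)
        sensitive = any(path == s or path.startswith(s + "/") for s in SENSITIVE)
        if open_to_all:
            findings.append((path, "HIGH" if sensitive else "MEDIUM"))
        elif any("*" in c or "?" in c for c in clients):
            findings.append((path, "REVIEW"))  # hostname wildcard pattern
    return findings

if __name__ == "__main__":
    for path, severity in audit(SAMPLE):
        print(f"{severity:7} {path}")
```

Feed it the listing from a server you administer; any export flagged HIGH or MEDIUM should be restricted to named hosts or subnets in the server's export configuration.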


Now, using this key, we can log in to the machine. That’s it for the enumeration part, and I will continue writing on how to exploit NFS sometime soon.