NFS


Nmap discovered an NFS service on the target's port 2049. The service is mapped through the RPC server.

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/sorcerer]
└─$ showmount -e $IP
Export list for 192.168.113.100:

The export list is empty.

nfs_analyze


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/sorcerer]
└─$ nfs_analyze $IP --check-no-root-squash 
Checking host 192.168.113.100
Supported protocol versions reported by portmap:
Protocol          Versions  
portmap           2, 3, 4   
mountd            1, 2, 3   
nfs               3, 4      
nfs acl           3         
nfs lock manager  1, 3, 4   
 
Available Exports reported by mountd:
[empty]
 
Connected clients reported by mountd:
[empty]
 
Supported NFS versions reported by nfsd:
Version  Supported  
3        Yes        
4.0      Yes        
4.1      No         
4.2      No         
 
NFSv3 Windows File Handle Signing: Testing not possible, no export available
 
Trying to escape exports
Checking no_root_squash
[empty]
 
NFSv4 overview and auth methods (incomplete)
Error listing directories: RPCError: MSG_DENIED: AUTH_ERROR: AUTH_BADCRED
 
Trying to guess server OS
OS       Property                                      Fulfilled  
Linux    File Handles start with 0x0100                Unknown    
Windows  NFSv3 File handles are 32 bytes long          Unknown    
Windows  Only NFS versions 3 and 4.1 supported         No         
FreeBSD  Mountd reports subnets without mask           Unknown    
NetApp   netapp partner protocol supported             No         
HP-UX    Only one request per TCP connection possible  No         
 
Final OS guess: Unknown

NFS 4.0 is supported, so there might be hidden shares, but a valid credential is required.