RPC
Nmap discovered an RPC server (rpcbind) on target port 111
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/sorcerer]
└─$ nmap -sSUC -p111 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-28 20:29 CET
Nmap scan report for 192.168.113.100
Host is up (0.019s latency).
Bug in rpcinfo: no string output.
PORT STATE SERVICE
111/tcp open rpcbind
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100005 1,2,3 34625/tcp mountd
| 100005 1,2,3 39117/udp mountd
| 100227 3 2049/tcp nfs_acl
|_ 100227 3 2049/udp nfs_acl
111/udp open rpcbind
Nmap done: 1 IP address (1 host up) scanned in 14.59 seconds
NFS
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/sorcerer]
└─$ rpcinfo $IP
program version netid address service owner
100000 4 tcp 0.0.0.0.0.111 portmapper superuser
100000 3 tcp 0.0.0.0.0.111 portmapper superuser
100000 2 tcp 0.0.0.0.0.111 portmapper superuser
100000 4 udp 0.0.0.0.0.111 portmapper superuser
100000 3 udp 0.0.0.0.0.111 portmapper superuser
100000 2 udp 0.0.0.0.0.111 portmapper superuser
100000 4 local /run/rpcbind.sock portmapper superuser
100000 3 local /run/rpcbind.sock portmapper superuser
100005 1 udp 0.0.0.0.165.69 mountd superuser
100005 1 tcp 0.0.0.0.169.185 mountd superuser
100005 2 udp 0.0.0.0.137.210 mountd superuser
100005 2 tcp 0.0.0.0.195.31 mountd superuser
100005 3 udp 0.0.0.0.152.205 mountd superuser
100005 3 tcp 0.0.0.0.135.65 mountd superuser
100003 3 tcp 0.0.0.0.8.1 nfs superuser
100003 4 tcp 0.0.0.0.8.1 nfs superuser
100227 3 tcp 0.0.0.0.8.1 nfs_acl superuser
100003 3 udp 0.0.0.0.8.1 nfs superuser
100227 3 udp 0.0.0.0.8.1 nfs_acl superuser
100021 1 udp 0.0.0.0.144.80 nlockmgr superuser
100021 3 udp 0.0.0.0.144.80 nlockmgr superuser
100021 4 udp 0.0.0.0.144.80 nlockmgr superuser
100021 1 tcp 0.0.0.0.177.239 nlockmgr superuser
100021 3 tcp 0.0.0.0.177.239 nlockmgr superuser
100021 4 tcp 0.0.0.0.177.239 nlockmgr superuser
Mapped to the NFS service on target port 2049 and mountd on target ports 34625, 43449, and 49951.
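The port numbers above come from the last two fields of the rpcbind universal address (h1.h2.h3.h4.p1.p2), where port = p1 * 256 + p2. The following is an added example, not part of the original notes, that decodes rpcinfo output into service/protocol/port triples; the function names rpc_ports and sample_rpcinfo are hypothetical and the sample input is a constructed subset of the listing above.

```shell
#!/bin/sh
# Added example: decode rpcbind universal addresses from rpcinfo output.
# Real usage would be:  rpcinfo "$IP" | rpc_ports

# rpc_ports: read rpcinfo-style lines on stdin and print unique
# "service proto port" triples.
rpc_ports() {
    awk '
        # Only tcp/udp rows carry an IPv4 universal address;
        # the header row and "local" (unix socket) rows are skipped.
        $3 == "tcp" || $3 == "udp" {
            n = split($4, a, ".")
            if (n != 6) next            # not h1.h2.h3.h4.p1.p2
            port = a[5] * 256 + a[6]    # high byte, low byte
            print $5, $3, port
        }
    ' | sort -u
}

# Constructed sample: a subset of the rpcinfo lines shown above.
sample_rpcinfo() {
    cat <<'EOF'
   program version netid     address                service    owner
    100000    4    tcp       0.0.0.0.0.111          portmapper superuser
    100000    4    local     /run/rpcbind.sock      portmapper superuser
    100005    1    tcp       0.0.0.0.169.185        mountd     superuser
    100005    2    tcp       0.0.0.0.195.31         mountd     superuser
    100005    3    tcp       0.0.0.0.135.65         mountd     superuser
    100003    3    tcp       0.0.0.0.8.1            nfs        superuser
    100021    1    udp       0.0.0.0.144.80         nlockmgr   superuser
EOF
}

sample_rpcinfo | rpc_ports
```

The decoded list can be compared against the host firewall rules to confirm which of these dynamically assigned RPC ports are actually reachable from outside.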