# Network File System (NFS) Introduction
- developed by Sun with the same purpose as SMB
- based on ONC-RPC/SUN-RPC exposed on TCP/UDP port 111
- usually used between Linux/Unix systems
- cannot communicate with SMB servers
- the NFS protocol itself has no mechanism for authentication or authorization
- most common authentication is via Unix UID/GID and group memberships
## Footprinting NFS
```bash
sudo nmap <ip_addr> -sC -sV -p111,2049
sudo nmap --script "nfs*" <ip_addr> -sV -p111,2049 # quote the glob so the shell does not expand it
# NFS-related NSE scripts: nfs-ls, nfs-showmount, nfs-statfs, rpcinfo
```
## NFS Share Discovery and Mounting
```bash
showmount -e <ip_addr> # discover NFS shares
# steps for mounting and enumerating remote shares
mkdir target-NFS
sudo mount -t nfs <ip_addr>:/ ./target-NFS/ -o nolock # mount NFS share
sudo ls -al ./target-NFS/ # list contents with usernames and group names
sudo ls -n ./target-NFS/ # list contents with UIDs and GIDs
sudo cat ./target-NFS/<file> # show contents of file
# if necessary, add local user to associated group/GID to access
#sudo usermod -aG new_group_name user_name
sudo umount ./target-NFS #unmount
```
## NFS Config
- `/etc/exports` contains a table of physical filesystems on an NFS server that are accessible by clients
- also includes share-specific options
```bash
cat /etc/exports
echo '/mnt/nfs <ip_addr>/24(sync,no_subtree_check)' | sudo tee -a /etc/exports # export /mnt/nfs to the subnet with the specified settings (tee, because the redirect needs root)
sudo systemctl restart nfs-kernel-server
exportfs
```
| NFS Share Option | Description |
| ---------------- | -------------------------------------------------------------------------------------------------------------------------------- |
| rw | read and write perm |
| ro | read only perm |
| sync | synchronous data transfer (slower) |
| async | asynchronous data transfer |
| secure | ports above 1024 won't be used |
| insecure | ports above 1024 will be used |
| nohide | if another fs was mounted below an exported directory, this directory is exported by its own exports entry |
| no_subtree_check | disables checking of subdirectory trees |
| root_squash | assigns all perms to files of root UID/GID to the UID/GID of anonymous, which prevents root from accessing files on an NFS mount |
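
The options above can be checked mechanically when reviewing a server's `/etc/exports`. The script below is an added example, not part of the original notes: it flags entries exported to any host, `insecure`, and `no_root_squash` (the exports(5) option that turns `root_squash` off, not listed in the table). The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky entries in an exports(5)-format file.
# Prints "<path> <client>: <finding>"; exit status is 1 if anything was flagged.
audit_exports() (                     # subshell body keeps variables and "set --" local
    file=${1:-/dev/stdin} found=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}              # drop comments
        set -f                        # stop a "*" client from globbing
        set -- $line                  # split into: path client(opts) ...
        set +f
        [ $# -ge 2 ] || continue      # blank line, or a path with no client entry
        path=$1; shift
        for entry in "$@"; do
            client=${entry%%"("*}     # text before "(" (empty means any host)
            opts=
            case $entry in
                *"("*")") opts=${entry#*"("}; opts=${opts%")"} ;;
            esac
            case $client in ""|"*")
                client="*"
                echo "$path $client: exported to any host"; found=1
                case ",$opts," in *,rw,*)
                    echo "$path $client: writable by any host (rw)"; found=1 ;;
                esac ;;
            esac
            case ",$opts," in *,no_root_squash,*)
                echo "$path $client: no_root_squash (client root is not mapped to anonymous)"
                found=1 ;;
            esac
            case ",$opts," in *,insecure,*)
                echo "$path $client: insecure (accepts source ports above 1024)"; found=1 ;;
            esac
        done
    done < "$file"
    exit "$found"                     # leaves only the subshell
)

# Constructed sample entries, not taken from a real server.
sample_exports() {
    cat <<'EOF'
# /etc/exports (constructed sample)
/mnt/nfs    10.0.0.0/24(sync,no_subtree_check)
/srv/backup *(rw,sync,no_root_squash)
/srv/pub    10.0.0.5(ro,insecure) 10.0.0.6(rw,root_squash)
EOF
}

sample_exports | audit_exports || true
```

On a server, run it as `audit_exports /etc/exports`; a non-zero exit status means at least one entry was flagged.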
## NFS Version History
| Version | Features |
| ------- | ----------------------------------------------------------------------------------- |
| NFSv2 | older but still supported on many systems; operates entirely over UDP |
| NFSv3 | not fully compatible with NFSv2; more features: variable file size, error reporting |
| NFSv4 | includes Kerberos; supports ACLs; performance improvements and high security |