Network File System (NFS) is a protocol used for sharing files over a network, allowing a user on a client computer to access files over a computer network much like local storage. During the footprinting phase of a penetration test, identifying and misconfiguring NFS shares can lead to significant data exposure or a foothold into the system.
Side Note:
NFS -> Linux
SMB -> Windows
NFS typically runs on:
TCP port 111
TCP port 2049
UDP port 111
UDP port 2049
The file /etc/exports on the NFS server controls which folders are shared and who is allowed to access them.
Why NFS Can Be Dangerous
If NFS is misconfigured, attackers may be able to:
Read sensitive files
Modify or delete data
Upload malicious files
Steal credentials
Many servers accidentally expose NFS shares to everyone.
Scanning for NFS
This checks whether the NFS ports are open, what version is running, and whether default scripts find anything interesting.
What is RPC?
NFS relies on RPC (Remote Procedure Call).
RPC allows one computer to request services or functions from another computer over the network.
NFS uses RPC to ask what folders are shared and who is allowed to access them.
Enumerating NFS Services
This can reveal:
Shared directories
Permissions
Export configuration
Viewing Available NFS Shares
Example output:
The * means anyone can access that share.
Mounting an NFS Share
You are now browsing the remote server’s files locally.
Listing Files With Usernames
Shows file owners, group names, and permissions.
Listing Files With User and Group IDs
Shows numeric UIDs and GIDs.
Files owned by UID 0 belong to root.