Portmapper - Port 111/TCP/UDP
Last updated
Was this helpful?
Last updated
Was this helpful?
Port 111 is associated with the RPCbind (Portmapper) service, a critical component in Unix-based systems that maps RPC (Remote Procedure Call) services to port numbers. It is often exploited by attackers to gather information about the target system, such as its operating system, RPC-based services (e.g., NFS, NIS), and even user details.
Default Port: 111/TCP/UDP
Other Ports: 32771 (in Oracle Solaris systems)
Associated Services: RPCbind, NFS, NIS, rusersd
Start with an aggressive Nmap scan to gather initial information about the service:
Leverage Nmap's built-in NSE scripts for RPC enumeration:
Use the rpcinfo tool to query the RPCbind service for additional details:
Example output:
The presence of services like mountd indicates NFS might be exploitable.
Use Metasploitβs auxiliary modules for RPC enumeration:
Metasploit automates the extraction of program and version information.
If NFS is discovered (commonly on port 2049), use the following tools for further exploitation:
Showmount Enumerate exported NFS shares:
Mount the Share Mount the NFS share locally:
Explore Files After mounting, look for sensitive files such as SSH keys, credentials, or configurations.
NIS requires identifying the domain name and server. Use these commands to enumerate:
Output from ypcat can reveal hashed passwords. Crack them with tools like John the Ripper:
Identify and exploit rusersd to enumerate users:
Tools like rusers provide user enumeration:
Learn & practice
Become VeryLazyTech ! π
Follow us on Twitter , Github , and Medium .
Visit our for e-books and courses. π
Support us and . β