NFS Service - Port 2049
Last updated
Was this helpful?
Last updated
Was this helpful?
Become VeryLazyTech ! π
Follow us on:
β Twitter .
πΎ Github .
π Medium .
πΊ YouTube .
π© Telegram .
π΅οΈββοΈ My Site .
Visit our for e-books and courses. π
The Network File System (NFS) allows file sharing across Unix-like systems over a network. While convenient, NFS often exposes sensitive data and trust relationships due to misconfigurations or outdated security models. This guide delivers in-depth methods for discovering, analyzing, and exploiting NFS services during penetration testing engagements.
NFS uses the following ports:
TCP/UDP 2049 β NFS Service
TCP/UDP 111 β Portmapper (rpcbind)
Run a detailed Nmap scan:
Check for exposed mount points and exports.
showmountCheck accessible NFS shares:
Example output:
* means accessible from any host
CIDR indicates trusted networks
Use spoofed IP addresses or proxy from allowed subnets. In some cases, a misconfigured DNS resolution can allow access even if IP-based restrictions are in place.
Check for files with improper permissions or user credentials.
By default, NFS applies root squashing: remote root becomes nfsnobody. Check /etc/exports configuration for no_root_squash option:
If no_root_squash is set, root access is preserved, allowing privilege escalation.
Create a SUID Binary on Mounted Share
Trigger Execution on Target If the NFS share is mounted by a target system, wait for the binary to sync and then trigger execution through a scheduled task or user login.
Gain Shell with Root Privileges
Look for:
SSH private keys
Database credentials
Password backup files
Misconfigured .bashrc, .profile, or crontabs
Learn & practice
Become VeryLazyTech ! π
β Twitter .
πΎ Github .
π Medium .
πΊ YouTube .
π© Telegram .
π΅οΈββοΈ My Site .
Visit our for e-books and courses. π