# 2049 - NFS

Network File System or NFS is a file system protocol that allows users to share directories and files over a network. The NFS protocol is similar to the Samba protocol. However, unlike Samba, NFS provides an encryption mechanism and authentication. In addition, NFS server access is also restricted to specified hostnames and IP addresses.

If you mount a folder that contains files or folders accessible only by a specific user (by **UID**), you can **create** a **local** user with that **UID**, and using that **user** you will be able to **access** the file/folder.

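```bash
# Enumerate exports, directory listings and filesystem stats with the nmap NFS scripts
$ nmap --script=nfs-ls.nse,nfs-showmount.nse,nfs-statfs.nse -p 2049 <IP>
# List the exports the server advertises
$ showmount -e <IP>
# Mount an export locally (the vers=2 option is optional)
$ mount -t nfs [-o vers=2] <IP>:<remote_folder> <local_folder> -o nolock
```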

### Interesting files

```bash
/etc/exports        # export definitions and their options
/var/lib/nfs/etab   # table of currently exported file systems
```

### Dangerous settings

* **Read and Write Permissions (`rw`):** This setting allows both reading from and writing to the file system. It's essential to consider the implications of granting such broad access.
* **Use of Insecure Ports (`insecure`):** When enabled, this allows the system to utilize ports above 1024. The security of ports above this range can be less stringent, increasing risk.
* **Visibility of Nested File Systems (`nohide`):** This configuration makes directories visible even if another file system is mounted below an exported directory. Each directory requires its own export entry for proper management.
* **Root Files Ownership (`no_root_squash`):** With this setting, files created by the root user maintain their original UID/GID of 0, disregarding the principle of least privilege and potentially granting excessive permissions.
* **Non-Squashing of All Users (`no_all_squash`):** This option ensures that user identities are preserved across the system, which could lead to permission and access control issues if not correctly handled.
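
A defensive check for the options listed above, as an added example that is not part of the original notes: this Python script parses `/etc/exports`-style text and reports every export/client pair that explicitly sets one of them. The sample file content and the names `audit_exports`, `DANGEROUS` and `SAMPLE_EXPORTS` are constructed for illustration; it assumes unquoted paths and flags only options written out in the file, not defaults.

```python
import re

# Options the list above calls dangerous, with the reason given there.
DANGEROUS = {
    "rw": "read and write access",
    "insecure": "ports above 1024 allowed",
    "nohide": "nested file systems visible",
    "no_root_squash": "root keeps UID/GID 0",
    "no_all_squash": "user identities preserved",
}

# One client entry: "client(opt,opt)" or a bare "client" without options.
ENTRY_RE = re.compile(r"(\S*?)\(([^)]*)\)|(\S+)")

# Constructed sample, not taken from a real host.
SAMPLE_EXPORTS = r"""
# shared project data
/srv/share   192.168.1.0/24(rw,sync,no_root_squash) backup01(ro)
/srv/public  *(ro,insecure,nohide)
/home        10.0.0.5(rw,no_all_squash) \
             10.0.0.6
"""


def audit_exports(text):
    """Return (path, client, option) for each explicitly set dangerous option."""
    findings = []
    text = text.replace("\\\n", "")            # join backslash-wrapped lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        parts = line.split(None, 1)
        if len(parts) < 2:                     # no client list, nothing to check
            continue
        path, clients = parts
        for m in ENTRY_RE.finditer(clients):
            client = m.group(1) if m.group(3) is None else m.group(3)
            for opt in (m.group(2) or "").split(","):
                opt = opt.strip()
                if opt in DANGEROUS:
                    # An entry like "(rw)" has no client name: it applies to anyone.
                    findings.append((path, client or "<any>", opt))
    return findings


if __name__ == "__main__":
    for path, client, opt in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: {opt} ({DANGEROUS[opt]})")
```

To audit a live server, pass the contents of `/etc/exports` to `audit_exports` instead of the sample string.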

