2049 - NFS

Network File System or NFS is a file system protocol that allows users to share directories and files over a network. The NFS protocol is similar to the Samba protocol. However, unlike Samba, NFS provides an encryption mechanism and authentication. In addition, NFS server access is also restricted to specified hostnames and IP addresses.

If you mount a folder that contains files or folders accessible only to a specific user (by UID), you can create a local user with that UID and use that user to access the file or folder.

$ nmap --script=nfs-ls.nse,nfs-showmount.nse,nfs-statfs.nse -p 2049 <IP>
$ showmount -e <IP>
$ mount -t nfs [-o vers=2] <IP>:<remote_folder> <local_folder> -o nolock

Interesting files

/etc/exports
/var/lib/nfs/etab

Dangerous settings

  • Read and Write Permissions (rw): This setting allows both reading from and writing to the file system. It's essential to consider the implications of granting such broad access.

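  • Use of Insecure Ports (insecure): When enabled, the server accepts requests that originate from client ports above 1024. Ports in that range can be opened without root privileges on the client, so the usual restriction to privileged source ports no longer applies, increasing risk.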

  • Visibility of Nested File Systems (nohide): This configuration makes directories visible even if another file system is mounted below an exported directory. Each directory requires its own export entry for proper management.

  • Root Files Ownership (no_root_squash): With this setting, files created by the root user maintain their original UID/GID of 0, disregarding the principle of least privilege and potentially granting excessive permissions.

  • Non-Squashing of All Users (no_all_squash): This option ensures that user identities are preserved across the system, which could lead to permission and access control issues if not correctly handled.
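
To review an export table for the settings listed above, the following added example (not part of the original page) parses text in /etc/exports syntax and reports each risky option per path and client. The sample input is constructed, and the function name audit_exports is hypothetical. It handles comments, backslash continuation lines, quoted paths and per-client option lists; default option lists of the form "-opts" are not handled.

```python
import shlex

# The five options this page lists under "Dangerous settings".
RISKY = {
    "rw": "clients can write to the export",
    "insecure": "requests accepted from source ports above 1024",
    "nohide": "nested file systems become visible",
    "no_root_squash": "client root keeps UID/GID 0 on the server",
    "no_all_squash": "client UIDs/GIDs are preserved as-is",
}

# Constructed sample input in /etc/exports syntax, not taken from a real host.
SAMPLE_EXPORTS = """\
# constructed example
/srv/backup   10.0.0.0/24(rw,sync,no_root_squash) \\
              backup01(ro,sync)
/srv/public   *(ro,insecure,nohide)
"/srv/my docs" 192.168.1.5(rw,no_all_squash,root_squash)
/srv/safe     10.0.0.7(ro,sync,root_squash)
"""

def audit_exports(text):
    """Return [(path, client, option, reason)] for every risky option found."""
    findings = []
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        # shlex handles double-quoted paths that contain spaces
        path, *clients = shlex.split(line)
        for entry in clients:
            client, _, rest = entry.partition("(")
            client = client or "*"  # a bare "(opts)" entry applies to any host
            opts = [o for o in rest.rstrip(")").split(",") if o]
            for opt in opts:
                if opt in RISKY:
                    findings.append((path, client, opt, RISKY[opt]))
    return findings

if __name__ == "__main__":
    for path, client, opt, reason in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: {opt} ({reason})")
```

On a server, pass the contents of /etc/exports to audit_exports; the result only lists options written explicitly in the file, so defaults that are never spelled out do not appear.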
