# 4. NFS Enumeration

NFS (Network File System) is a type of file system that enables computer users to access, view, store, and update files over a remote server. This remote data can be accessed by the client computer in the same way that it is accessed on the local system

## 1. NFS enumeration with RPCscan and SuperEnum

scan the ports

```
nmap -p 2049 192.168.18.110
```

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FugrNziSszclLiC3ZClAW%2Fimage.png?alt=media&#x26;token=d2efdd82-a99b-4fe5-b4cc-57393cc578ff" alt=""><figcaption></figcaption></figure>

### SuperEnum

SuperEnum includes a script that performs a basic enumeration of any open port, including the NFS port (2049).

{% embed url="<https://github.com/p4pentest/SuperEnum>" %}

Run the script. it requires a list of IP addresses in a file

```
./superenum.py
```

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2F1hnS4nj4HgYyVTuRsM6P%2Fimage.png?alt=media&#x26;token=3c24cf49-9679-49fb-9312-6cd7a76e5952" alt=""><figcaption></figcaption></figure>

### **RPCscan**

RPCScan communicates with RPC (remote procedure call) services and checks misconfigurations on NFS shares. It lists RPC services, mountpoints,and directories accessible via NFS. It can also recursively list NFS shares.

{% embed url="<https://github.com/hegusung/RPCScan>" %}

```
./rpcscan.py 192.168.18.110 --rpc
```

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FRNv0gRRHc171qlSwFUvK%2Fimage.png?alt=media&#x26;token=c1cf9292-a805-4fd8-b01f-db1c33b31f48" alt=""><figcaption></figcaption></figure>

The result appears, displaying that port 2049 is open, and the NFS service is running on it.

{% embed url="<https://www.udemy.com/course/ethical-hacker-practical/?referralCode=289CF01CF51246BCAD6C>" %}