Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

🏠 Back to Blog

NFS (Network File System)

NFS is a distributed file system protocol that allows a user on a client computer to access files over a network in a manner similar to how local storage is accessed. It was originally developed by Sun Microsystems in the 1980s and has since become a widely adopted standard for file sharing in Unix and Linux environments.

NFS is based on the Open Network Compute Remote Procedure Call (ONC-RPC/SUNRPC) protocol: https://en.wikipedia.org/wiki/Sun_RPC

NFS Versions

  • NFSv2: The original version, introduced in 1984, supports basic file operations but has limitations such as a maximum file size of 2GB.
  • NFSv3: Introduced in 1995, it added support for larger file sizes (up to 64-bit), improved performance, and better error handling.
  • NFSv4: Released in 2000, it introduced significant enhancements, including stateful protocol, improved security features (like Kerberos authentication), and support for file locking and delegation.
  • NFSv4.1 and NFSv4.2: These are incremental updates to NFSv4, adding features like parallel NFS (pNFS) for improved performance and additional security enhancements.

Configuration

  • NFS is generally simple to configure. The /etc/exports file on the server specifies which directories are shared and the permissions for each client. 
    rnemeth@htb[/htb]$ cat /etc/exports 

# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
  • On the client side, the mount command is used to mount NFS shares to local directories.

Footprinting and Enumeration

  • When footprinting NFS, the ports 111 and 2049 are commonly associated with NFS services. Port 111 is used by the portmapper service, which helps clients locate the NFS service on the server. Port 2049 is the default port for NFS itself.
  • Tools like showmount, nmap, and rpcinfo can be used to enumerate NFS shares and gather information about the NFS service.