Enumerate NFS Servers
Detect remote NFS server, enumerate available versions and check for the root escape (see escape to root file system ).
Copy NetExec nfs <ip>
# Example Output
NFS <ip> <port> <ip> [*] Supported NFS versions: (3, 4) (root escape:True) Enumerate NFS Shares
Use the flag --shares to enumerate exported NFS shares. Output shows target UID, Permissions, Storage Usage, Access List.
Copy NetExec nfs <ip> --shares
# Example Output
NFS <ip> <nfs_port> <ip> [*] Supported NFS versions: (3, 4) (root escape:False)
NFS <ip> <nfs_port> <ip> [*] Enumerating NFS Shares
NFS <ip> <nfs_port> <ip> UID Perms Storage Usage Share Access List
NFS <ip> <nfs_port> <ip> --- ----- ------------- ----- -----------
NFS <ip> <nfs_port> <ip> 2000 rw- 9.2GB/19.5GB /home/user/Desktop/test *
NFS <ip> <nfs_port> <ip> 1000 rw- 9.2GB/19.5GB /home/user/Desktop/NFSShare 192.168.0.0/24 List files on a share
Use the --ls option to list files on the target system. Chose the target share with the --share flag. To use the root fs escape see "escape to root file system ".
Copy NetExec nfs <ip> --share '/var/nfs/general' --ls '/'
# Example Output
NFS <ip> <port> <ip> [*] Supported NFS versions: (3, 4) (root escape:False)
NFS <ip> <port> <ip> UID Perms File Size File Path
NFS <ip> <port> <ip> --- ----- --------- ---------
NFS <ip> <port> <ip> 1000 -r-x 1.4MB /var/nfs/general/Screenshot_2024-10-09_18_13_25.png
NFS <ip> <port> <ip> 0 dr-- 4.0KB /var/nfs/general/other
NFS <ip> <port> <ip> 65534 ---- 0B /var/nfs/general/test
NFS <ip> <port> <ip> 65534 ---- 8.0B /var/nfs/general/test123
NFS <ip> <port> <ip> 65534 ---- 0B /var/nfs/general/test1234
NFS <ip> <port> <ip> 65534 -rwx 6.0B /var/nfs/general/testfile
NFS <ip> <port> <ip> 0 dr-- 4.0KB /var/nfs/general/tmp Enumerate the File on NFS Shares
Enumerate all files and folders recursively with --enum-shares with a given recursion depth (default is 3 layers). The depth can be changed with --enum-shares 5. Output shows target UID, Permissions, File Size, File Path, Access List.
Copy NetExec nfs <ip> --enum-shares
# Example Output
NFS <ip> <nfs_port> <ip> [*] Supported NFS versions: (3, 4) (root escape:False)
NFS <ip> <nfs_port> <ip> [*] Enumerating NFS Shares Directories
NFS <ip> <nfs_port> <ip> [+] /home/user/Desktop/test
NFS <ip> <nfs_port> <ip> UID Perms File Size File Path Access List
NFS <ip> <nfs_port> <ip> --- ----- --------- --------- -----------
NFS <ip> <nfs_port> <ip> 1000 r-- 21.0B /home/user/Desktop/test/test.txt *
NFS <ip> <nfs_port> <ip> 0 r-- 9.0B /home/user/Desktop/test/test2.txt *
NFS <ip> <nfs_port> <ip> [+] /home/user/Desktop/NFSShare
NFS <ip> <nfs_port> <ip> UID Perms File Size File Path Access List
NFS <ip> <nfs_port> <ip> --- ----- --------- --------- -----------
NFS <ip> <nfs_port> <ip> 1000 rw- 6.0B /home/user/Desktop/NFSShare/test.txt 192.168.38.0/24
NFS <ip> <nfs_port> <ip> 1000 rw- 7.0B /home/user/Desktop/NFSShare/NFS2/test2.txt 192.168.38.0/24,
NFS <ip> <nfs_port> <ip> 1000 rwx 27.0B /home/user/Desktop/NFSShare/test3.txt 192.168.38.0/24
