NFS

Network File System

Sun Microsystems: Same purpose as SMB

Access file systems over a network as if they were local
Uses entirely different protocol. NFS is used between Linux and Unix systems.
- NFS clients can't communicate directly with SMB servers
- Internet standard: Governs procedures in a distributed file system
- NSFv3: Protocol version 3.0 has been in use for many years: Authenticates client pc
- NFSv4: As with Win SMB, the user must authenticate

NFSv4.1 Protocol support to leverage cluster server deployments

pNFS: Parallel access to files distributed across multiple servers
Multipathing: Session trunking mechanism

Advantages:

Only 1 UDP/TCP p 2049 used to run the service
Simplifies use across firewalls ONE-RPC/SUN-RPC:
- Open Network Computing/RPC protocol on TCP/UDP p 111
- XDR: External Data Representation: for system-independent exchange of data
- Auth shifted to RPC protocol's options derived from avail FS info
  - Server is responsible for translating client's info into FS format
  - Converting corresponding auth into UNIX syntax
  - UID/GID/group memberships

Problems: Client/server don't need to have same mappings of UID/GID to users/groups

Server doesn't need to do anything and no checks made
/etc/exports Contains table of physical FS on NFS server accessible by clients

cat /etc/exports # ACL for FS may be exported to clients
# Example for NFSv2/NFSv3
/srv/homes 
hostname1(rw,sync,no_subtree_check) 
hostname2(ro,sync,no_subtree_check)
# Example for NFSv4:
/srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
/srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)

# Default exports file contains examples 
rw # read/write perms
ro # read only perms
sync # sync data xfer (slower)
async # async data xfer (faster)
secure # ports 1024+ not used
insecure # ports 1024+ used
no_subtree_check # disables checking subdir trees
root_squash # assigns all perms of root uid/gid 0 to uid/guid of anon 

# Entry test ExportFS
echo '/mnt/nfs  10.10.10.10/24(sync,no_subtree_check)' >> /etc/exports
systemctl restart nfs-kernel-server 
exportfs
/mnt/nfs      	10.10.10.10/24

Footprinting

Ports 111, 2049; Can get info via RPC

sudo nmap 10.10.10.10 -p111,2049 -sV -sC --script nfs* # nse script 

PORT    STATE SERVICE VERSION
111/tcp open  rpcbind 2-4 (RPC #100000)
| rpcinfo: 
|   program version    port/proto  service
|   100000  2,3,4        111/tcp   rpcbind
|   100003  3,4         2049/tcp   nfs
|   100005  1,2,3      47217/tcp6  mountd
|   100021  1,3,4      39542/udp   nlockmgr
|   100227  3           2049/tcp6  nfs_acl
2049/tcp open  nfs_acl 3 (RPC #100227)

Once discovered, we can mount to our local machine

Create an empty folder the NFS share will be mounted
We can navigate it and view the contents just like our local system
root_squash is set? Can't edit backup.sh file even as root

showmount -e 10.10.10.10 # show available NFS shares
mkdir moo-share # create folder to download to
sudo mount -t nfs 10.10.10.10:/ ./moo-share/ -o nolock # mount nfs share 

tree . # list folder structure 
ls -l mnt/nfs/ # list contents with user/group names 
ls -n mnt/nfs/ # list contents with uid/guids 

sudo unmount ./moo-share # unmount share

PreviousSMB NextMySQL/MSSQL

Last updated 1 month ago