Physical attacks
Mobile Apps Pentesting

2049 - Pentesting NFS Service

Basic Information

It is a client/server system that allows users to access files across a network and treat them as if they resided in a local file directory.

Default port: 2049

2049/tcp open nfs 2-3 (RPC #100003
mount -t nfs [-o vers=2] <ip>:<remote_folder> <local_folder> -o nolock

To know which folder has the server available to mount you an ask it using:

showmount -e <IP>

You should specify to use version 2 because it doens't have any authentication or authorization.

More enumeration using RPCBind port.


mkdir /mnt/new_back
mount -t nfs [-o vers=2] /mnt/new_back -o nolock


If you mount a folder which contains files or folders only accesible by some user (by UID). You can create locally a user with that UID and using that user you will be able to access the file/folder.


To easily list, mount and change UID and GID to have access to files you can use nfsshell.

Nice NFSShell tutorial.

Config files


Privilege Escalation using NFS misconfigurations

NFS no_root_squash and no_all_squash privilege escalation