Skip to main content

NFS (Network File System) Pentesting

NFS (Network File System)

Default Port: 2049 NFS (Network File System) is a protocol that provides shared file system services on a computer network. NFS allows a server to share directories and files, which can then be mounted on client machines over the network.

NFS operates on a server-client model, where the server shares file systems and clients can use these shared files.


Connecting to NFS Shares

Mounting NFS shares is typically done using the mount command. For example:

mount -t nfs X.X.X.X:/path/to/share /mnt/nfs

This command mounts the share located at /path/to/share on the server with IP address X.X.X.X to the /mnt/nfs directory.

Listing NFS Shares

The showmount command can be used to list the shares on a server:

showmount -e X.X.X.X


Discovering NFS Shares

Tools like Nmap can be used to discover NFS shares on a target host. For example:

nmap -p 2049 X.X.X.X

Exploiting NFS Shares

Mounting NFS shares can reveal sensitive information and potentially lead to unauthorized access if proper access controls are not in place.

Attack Vectors

Unauthorized Access to NFS Shares

Unauthorized access to NFS shares allows an attacker to access and even modify sensitive data over the network. This poses a significant risk if proper authorization is not enforced.

Compromising NFS Servers

Compromising an NFS server grants an attacker full access to files on the server. This enables access to sensitive data and can even be used as a pivot point to further compromise other devices on the network.

NFS Brute Force Attacks

Brute force attacks to gain access to NFS servers are a common tactic. When authorization is weak, attackers can use this method to crack passwords and gain access to the server.


Permission on NFS Servers

After a successful breach, attackers can gain full access to files on the server. This provides access to sensitive information and can lead to further targeted attacks or data exfiltration.

Information Exfiltration

Files on NFS servers often contain sensitive information. After a successful attack, retrieving these files and using the information therein allows attackers to further their goals or leak information.