NFS | Notion

Its purpose is to access file systems over a network as if they were local.
NFS doesn’t handle authentication or authorization directly. Instead, it relies on the RPC protocol to authenticate who you are. The server then checks the file system’s UNIX-style permissions to decide what actions you’re allowed to perform based on your identity. So, NFS uses RPC for authentication and the file system for authorization.

Version	Features
`NFSv2`	It is older but is supported by many systems and was initially operated entirely over UDP.
`NFSv3`	It has more features, including variable file size and better error reporting, but is not fully compatible with NFSv2 clients.
`NFSv4`	It includes Kerberos, works through firewalls and on the Internet, no longer requires portmappers, supports ACLs, applies state-based operations, and provides performance improvements and high security. It is also the first version to have a stateful protocol.

Default Configuration

/etc/eports file contains table of physical filesystems on an NFS server

https://manpages.ubuntu.com/manpages/trusty/man5/exports.5.html

darkness215@htb[/htb]$ cat /etc/exports 

# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)

The default exports file also contains some examples of configuring NFS shares. First, the folder is specified and made available to others, and then the rights they will have on this NFS share are connected to a host or a subnet. Finally, additional options can be added to the hosts or subnets.

Option	Description
`rw`	Read and write permissions.
`ro`	Read only permissions.
`sync`	Synchronous data transfer. (A bit slower)
`async`	Asynchronous data transfer. (A bit faster)
`secure`	Ports above 1024 will not be used.
`insecure`	Ports above 1024 will be used.
`no_subtree_check`	This option disables the checking of subdirectory trees.
`root_squash`	Assigns all permissions to files of root UID/GID 0 to the UID/GID of anonymous, which prevents `root` from accessing files on an NFS mount.

ExportFS

echo '/mnt/nfs  10.129.14.0/24(sync,no_subtree_check)' >> /etc/exports
systemctl restart nfs-kernel-server 
exportfs

/mnt/nfs      	10.129.14.0/24

The shared folder /mnt/nfs is accessible to all hosts within the 10.129.14.0/24 subnet, allowing them to mount and view its contents.

Footprinting the Service

When footprinting NFS, the TCP ports 111 and 2049 are essential. We can also get information about the NFS service and the host via RPC,

 sudo nmap --script nfs* 10.129.14.128 -sV -p111,2049