
111 - Pentesting RPC (rpcbind / portmapper)

RPC stands for Remote Procedure Call, a protocol for making requests to a remote computer system, typically in order to execute a function or retrieve some data. An RPC is initiated by a client and sent to a server, which processes the request and returns a response. The client and server communicate using a defined interface and message format, allowing them to exchange data and coordinate their activities. Port 111 itself is rpcbind (the portmapper) for ONC/Sun RPC: it maps RPC program numbers to the ports those services actually listen on. Enumerating it therefore tells you which other RPC services (NFS and mountd, NIS, rquotad, ...) the host exposes, and on which ports, which is why the commands below start there.

nmap


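# Port 111 is rpcbind (the portmapper): it maps ONC RPC program numbers to
# the ports they actually listen on, so enumerating it shows what else the
# host exposes (NFS/mountd, NIS, ...). $IP holds the target and is quoted
# so an empty or unexpected value can never turn into extra nmap arguments.
# TCP first, then TCP+UDP: rpcbind answers on both, and UDP-only
# registrations are missed by a TCP-only scan.
sudo nmap -sS -sC -sV -p 111 "$IP"
sudo nmap -sS -sU -sC -sV -p 111 "$IP"
# rpcinfo dumps the registered program table; it is in the "default"
# category, so -sC above already runs it, this just isolates its output.
sudo nmap -p 111 --script=rpcinfo "$IP"
# The nfs-* scripts use rpcbind to locate mountd/nfsd and then list the
# exports, their directory contents and free space. They only print
# something when NFS is actually registered with the portmapper.
sudo nmap -p 111 --script=nfs-ls "$IP"
sudo nmap -p 111 --script=nfs-statfs "$IP"
sudo nmap -p 111 --script=nfs-showmount "$IP"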

rpcinfo


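# Query the portmapper directly. -p prints the classic
# program/version/protocol/port table, which is what gives you the mountd
# and nfs ports reused by the mount commands below; the bare form prints
# the same registrations with their universal addresses on modern rpcinfo.
rpcinfo -p "$IP"
rpcinfo "$IP"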

rpcclient (MS-RPC over SMB, not port 111)


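# Caveat: rpcclient speaks MS-RPC over SMB (tcp/445 or tcp/139), not ONC
# RPC on tcp/111 — it belongs to the SMB checklist and only works when the
# target runs Samba or Windows. -U "" -N is a null session (empty user, no
# password prompt). -c runs the subcommand non-interactively so the line
# is valid shell and scriptable; the original "|<- enumdomusers" note meant
# "type enumdomusers at the interactive rpcclient prompt".
rpcclient -U "" -N "$IP" -c enumdomusers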

showmount


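# List the exports the NFS server advertises (asks mountd, which rpcbind
# on 111 locates). Note which exports are open to "*" versus a client
# list; root squashing is not visible here, so test it after mounting.
showmount -e "$IP"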

mount an NFS export


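# Mount one export on a fixed local mountpoint. mkdir -p makes the step
# idempotent on re-runs; the export spec is quoted so $IP is never split.
# If the mount hangs, the local lock manager is usually missing — add
# -o nolock (see the nolock variant below). Do the actual work between
# the mount and the umount lines.
sudo mkdir -p /tmp/target_dir
sudo mount "$IP:/home/user" /tmp/target_dir/
# ... inspect /tmp/target_dir: files are owned by numeric uid/gid, so
# create a local user with a matching uid (or rely on no_root_squash)
# to read or write them ...
sudo umount /tmp/target_dir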

mount nfs resource (v1)


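# Variant 1: mount the whole root export. NFSv3 locking needs a local
# rpcbind/statd, so start rpcbind first (that needs root, hence sudo);
# the alternative is -o nolock as in variant 2. The target defaults to the
# original lab address and can be overridden by setting IP.
# Bug fixed: the original ran umount while the shell's cwd was still
# inside /tmp/target, which fails with "target is busy"; leave the
# mountpoint before unmounting.
sudo service rpcbind start
mkdir -p /tmp/target
sudo mount -t nfs "${IP:-10.0.2.5}:/" /tmp/target
cd /tmp/target
# ... enumerate the export here ...
cd - >/dev/null
sudo umount /tmp/target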

mount nfs resource (v2)


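# Variant 2: mount a single export without the lock manager. -o nolock
# avoids the hang when no local rpc.statd/rpcbind is running (NFSv3).
# Bug fixed: the original created home_shared in the current directory
# but mounted onto ~/home_shared, which only coincide when cwd is $HOME.
# The target defaults to the original lab address and can be overridden
# by setting IP.
mkdir -p ~/home_shared
sudo mount -o nolock "${IP:-10.11.1.32}:/home" ~/home_shared/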