
111 - Pentesting RPC

Enumeration

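# IP holds the address of the in-scope host; it is quoted so an empty or
# malformed value fails visibly instead of being word-split by the shell.

# Ask rpcbind which RPC programs (program number, version, transport) are registered.
rpcinfo "$IP"
# TCP SYN scan of 111 with default scripts and service/version detection.
sudo nmap -sS -sC -sV -p 111 "$IP"
# Same scan with UDP added: rpcbind answers on 111/udp as well as 111/tcp,
# so a TCP-only filter on the host still leaves the service reachable.
sudo nmap -sS -sU -sC -sV -p 111 "$IP"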

User Enumeration

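# rpcclient speaks MS-RPC over SMB (TCP 139/445), so this check concerns
# Samba/Windows null sessions rather than the rpcbind service on port 111.
# -U "" -N = empty user name, no password prompt (anonymous session).
rpcclient -U "" -N "$IP"
# At the rpcclient prompt; a returned account list means anonymous enumeration
# is permitted. The remediation is to disable null-session access on the server.
$> enumdomusers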

Scripts

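# NSE equivalents of the native tools below; each only reads what the
# server already publishes to unauthenticated clients.
nmap -p 111 --script=rpcinfo "$IP"        # registered RPC programs
nmap -p 111 --script=nfs-ls "$IP"         # file listing and attributes on NFS exports
nmap -p 111 --script=nfs-statfs "$IP"     # disk-space statistics of NFS exports
nmap -p 111 --script=nfs-showmount "$IP"  # export list, like showmount -e
# Native tools: portmapper table (rpcbind protocol v2) and the NFS export list.
rpcinfo -p "$IP"
showmount -e "$IP"
# The finding to report is an export offered to every host (e.g. "*" or
# "(everyone)"); exports should name specific client hosts or networks.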

mount folder

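# -p: do not fail when the mount point is left over from an earlier run.
sudo mkdir -p /mnt/target_dir
# nosuid,nodev: setuid bits and device nodes stored on the remote export are
# not honoured on the workstation doing the assessment.
sudo mount -o nosuid,nodev "$IP":/home/user /mnt/target_dir/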

mount nfs resource (v1)

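# Starting a service needs root, like the mount/umount calls below.
# NOTE(review): presumably the local rpcbind is started so the NFS lock
# helper can register; confirm against the client's NFS version.
sudo service rpcbind start
# mktemp -d instead of a fixed /tmp/target: a predictable name in a
# world-writable directory can be pre-created by another local user.
mnt_dir=$(mktemp -d)
# nosuid,nodev: do not honour setuid bits or device nodes from the export locally.
sudo mount -t nfs -o nosuid,nodev 10.0.2.5:/ "$mnt_dir"
cd "$mnt_dir"
# Leave the mount point first; umount reports "target is busy" while the
# shell's working directory is still inside it.
cd -
sudo umount "$mnt_dir"
rmdir "$mnt_dir"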

mount nfs resource (v2)

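# Create the mount point at the path that mount uses below; a bare
# "mkdir home_shared" only matches when the current directory is $HOME.
mkdir -p ~/home_shared
# nolock: no NLM file locking, so the mount does not depend on a local
#         rpcbind/rpc.statd; locks then only exclude processes on this client.
# nosuid,nodev: do not honour setuid bits or device nodes from the export locally.
sudo mount -o nolock,nosuid,nodev 10.11.1.32:/home ~/home_shared/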