☕
My OSCP Journey: Tips, Tricks, and Cheat Sheets
  • Introduction
  • Network Scan
  • Services Exploitation
    • 21 - FTP
    • 25, 465, 587 - SMTP
    • 53 - DNS
    • 88 - Kerberos
    • 80, 443 - HTTP/S
    • 110, 995 - POP
    • 111 - NFS/RPC
    • 135, 593 - MSRPC
    • 139, 445 - SMB
    • 143, 993 - IMAP
    • 161 - SNMP
    • 389, 636, 3268, 3269 - LDAP
    • 3306 - Mysql
    • 5432 - Postgres
    • 27017 - MongoDB
  • Web Application Attacks
    • SQL Injection
    • File Inclusion Vulnerabilty
    • Command Injection
    • Client-Side Attacks
  • Brute Forcing
  • Privilege Escalation
    • Manual Enumeration
      • Windows Enumeration
      • Linux Enumeration
    • Windows Privesc
    • Linux Privesc
  • Active Directory
    • AD Manual Enumeration
    • AD Automatic Enumeration
    • AD Authentication
    • AD Lateral Movement
    • AD Attacking Kerberos
    • Hash Cracking Techniques
  • Transfer Files
    • Windows Downloads
    • Windows Uploads
  • Shells
    • Reverse/Bind Shells
    • Web Shells
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
  1. Services Exploitation

111 - NFS/RPC

scanning for

nmap -v -p 111 10.11.1.1-254

search for nmap NSE scripts

ls -1 /usr/share/nmap/scripts/nfs*
    /usr/share/nmap/scripts/nfs-ls.nse
    /usr/share/nmap/scripts/nfs-showmount.nse
    /usr/share/nmap/scripts/nfs-statfs.nse

nmap NSE script

nmap -sV -p 111 --script=rpcinfo 10.11.1.1-254
nmap -p 111 --script nfs* 10.11.1.72

mount a share

mkdir <local_folder>
sudo mount -o nolock 10.11.1.72:<remote_folder> <local_folder>
cd <local_folder> && ls

mount a share downgrading NFS version

sudo mount -t nfs -o vers=3 <ip>:<remote_folder> <local_folder> -o nolock
Previous110, 995 - POPNext135, 593 - MSRPC

Last updated 2 years ago

Was this helpful?