NFS stands for Network File System and it is a service that can be found in Unix systems.The purpose of NFS is to allow users to access shared directories in a network.However special effort needs to be done from system administrators in order to configure properly an NFS share.For the needs of this article we will use the Metasploitable 2 which by default has the NFS service misconfigured.

Lets say that we have scanned a system and we have discovered the NFS service running on port 2049 as we can see and from the image below:

NFS port is open
NFS port is open

 

Now we can use the command showmount -e IP in order to list the accessible shares of the remote system.

Export NFS shares
Export NFS shares

 

This means that the root directory of the remote system is shared!From the security perspective this can be catastrophic as any attacker can mount the whole directory and he can view the contents in a local directory as it can be seen in the next three following images:

mount share directory
mount share directory

 

Display the mount folder
Display the mount folder

 

Contents of root directory
Contents of root directory

 

As we can see we can view the folders of the root directory and we can of course obtain the contents of the /etc/passwd and /etc/shadow in order to have the user of the remote machine and the password hashes.

Contents of /etc/passwd
Contents of /etc/passwd

 

Contents of /etc/shadow
Contents of /etc/shadow

 

Conclusion

This article was just an example of how an NFS misconfiguration can exploited by a malicious attacker.Of course in nowadays it is difficult for a system administrator to perform these kind of mistakes but it is always good to know the commands and what to do in a situation like this especially when NFS is a subject in security related certifications.

2 Comments

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s