Lab 4: Perform NFS Enumeration

 

Lab 4: Perform NFS Enumeration


Module 04: Enumeration'

Lab 4: Perform NFS Enumeration

Task 1: Perform NFS Enumeration using RPCScan and SuperEnum



the next step after LDAP enumeration is to perform NFS enumeration to identify exported directories and extract a list of clients connected 

to the server, along with their IP addresses and shared data associated with them.



terminal 

sudo su

cd

nmap -p 2049 10.10.10.19

if nfs shows open then your good

if its closed then go to blog follow first few steps to open it on the server

cd SuperEnum

echo "10.10.10.19" >> Target.txt

./superenum

If you get an error running the ./superenum script, type chmod +x superenum and press Enter

./superenum

10.10.10.19

enter

The scan will take approximately 15-20 mins to complete.

After the scan is finished, scroll down to review the results. Note that port 2049 is open and the NFS service is running on it.

You can also observe the other open ports and the services running on them.


cd .. and press Enter 

Now, we will perform NFS enumeration using RPCScan. To do so, type cd RPCScan and press Enter

python3 rpc-scan.py [Target IP address] --rpc 

the result appears, displaying that port 2049 is open, and the NFS service is running on it.

end



Lab Scenario

As a professional ethical hacker or penetration tester, the next step after LDAP enumeration is to perform NFS enumeration to identify exported directories and extract a list of clients connected to the server, along with their IP addresses and shared data associated with them.

After gathering this information, it is possible to spoof target IP addresses to gain full access to the shared files on the server.

Lab Objectives

  • Perform NFS enumeration using RPCScan and SuperEnum

Overview of NFS Enumeration

NFS (Network File System) is a type of file system that enables computer users to access, view, store, and update files over a remote server. This remote data can be accessed by the client computer in the same way that it is accessed on the local system.

Task 1: Perform NFS Enumeration using RPCScan and SuperEnum

RPCScan communicates with RPC (remote procedure call) services and checks misconfigurations on NFS shares. It lists RPC services, mountpoints,and directories accessible via NFS. It can also recursively list NFS shares. SuperEnum includes a script that performs a basic enumeration of any open port, including the NFS port (2049).

Here, we will use RPCScan and SuperEnum to enumerate NFS services running on the target machine.

Before starting this lab, it is necessary to enable the NFS service on the target machine (Windows Server 2019). This will be done in steps 1-6.

  1. In the Windows Server 2019 machine, click the Start button at the bottom-left corner of Desktop and open Server Manager.

  2. The Server Manager main window appears. By default, Dashboard will be selected; click Add roles and features.

    Screenshot

  3. The Add Roles and Features Wizard window appears. Click Next here and in the Installation Type and Server Selection wizards.

  4. The Server Roles section appears. Expand File and Storage Services and select the checkbox for Server for NFS under the File and iSCSI Services option, as shown in the screenshot. Click Next.

    In the Add features that are required for Server for NFS? pop-up window, click the Add Features button.

    Screenshot

  5. In the Features section, click Next. The Confirmation section appears; click Install to install the selected features.

    Screenshot

  6. The features begin installing, with progress shown by the Feature installation status bar. When installation completes, click Close.

    Screenshot

  7. Having enabled the NFS service, it is necessary to check if it is running on the target system (Windows Server 2019). In order to do this, we will use Parrot Security machine.

  8. Click Parrot Security to switch to the Parrot Security machine.

  9. Click the MATE Terminal icon at the top-left corner of the Desktop window to open a Terminal window.

    233.jpg

  10. Parrot Terminal window appears. In the terminal window, type sudo su and press Enter to run the programs as a root user.

  11. In the [sudo] password for attacker field, type toor as a password and press Enter.

    The password that you type will not be visible.

  12. Now, type cd and press Enter to jump to the root directory.

    Screenshot

  13. In the terminal window, type nmap -p 2049 [Target IP Address] (in this case, 10.10.10.19) and press Enter.

  14. The scan result appears indicating that port 2049 is opened, and the NFS service is running on it, as shown in the screenshot.

    Screenshot

  15. Type cd SuperEnum and press Enter to navigate to the SuperEnum folder.

  16. Type echo "10.10.10.19" >> Target.txt and press Enter to create a file having a target machine's IP address (10.10.10.19).

    You may enter multiple IP addresses in the Target.txt file. However, in this task we are targeting only one machine, the Windows Server 2019 (10.10.10.19). The IP address may vary in your lab environment.

    3333.jpg

  17. Type ./superenum and press Enter. Under Enter IP List filename with path, type Target.txt, and press Enter.

    If you get an error running the ./superenum script, type chmod +x superenum and press Enter, then repeat Step 17.

    44444.jpg

  18. The script starts scanning the target IP address for open NFS and other.

    The scan will take approximately 15-20 mins to complete.

    Screenshot

  19. After the scan is finished, scroll down to review the results. Note that port 2049 is open and the NFS service is running on it.

    Screenshot

  20. You can also observe the other open ports and the services running on them.

  21. In the terminal window, type cd .. and press Enter to return to the root directory.

  22. Now, we will perform NFS enumeration using RPCScan. To do so, type cd RPCScan and press Enter

    a.jpg

  23. Type python3 rpc-scan.py [Target IP address] --rpc (in this case, the target IP address is 10.10.10.19, the Windows Server 2019 machine); press Enter.

    --rpc: lists the RPC (portmapper); the target IP address may differ in your lab environment.

    Screenshot

  24. The result appears, displaying that port 2049 is open, and the NFS service is running on it.

    L4T125.jpg

  25. This concludes the demonstration of performing NFS enumeration using SuperEnum and RPCScan.

  26. Close all open windows and document all the acquired information.

Comments

Post a Comment

Popular posts from this blog

Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools

Image
Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools Lab Scenario As an ethical hacker, you must try to obtain as much information as possible about the target cloud environment using various enumeration tools. This lab will demonstrate various S3 bucket enumeration tools that can help you in extracting the list of publicly available S3 buckets. Lab Objectives Enumerate S3 buckets using lazys3 Enumerate S3 buckets using S3Scanner Overview of Enumeration Tools Enumeration tools are used to collect detailed information about target systems to exploit them. Information collected by S3 enumeration tools consists of a list of misconfigured S3 buckets that are available publicly. Attackers can exploit these buckets to gain unauthorized access to them. Moreover, they can modify, delete, and exfiltrate the bucket content. Task 1: Enumerate S3 Buckets using lazys3 lazys3 is a Ruby script tool that is used to brute-force AWS S3 buckets using different permutations. This...
Read more

Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools

Image
Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Module 20: Cryptography Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Task 1: Perform Cryptanalysis using CrypTool CrypTool is a freeware program that enables you to apply and analyze cryptographic mechanisms, and has the typical look and  feel of a modern Windows application. CrypTool includes a multitude of state-of-the-art cryptographic functions and allows you  to both learn and use cryptography within the same environment. CrypTool is a free, open-source e-learning application used in  the implementation and analysis of cryptographic algorithms. Here, we will use the CrypTool tool to perform cryptanalysis. refer to blog  little long --------------------------------------------------------------------------------------------------------------------------------------- Module 20: Cryptography Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Task 2: Perform Cryptanalysis us...
Read more

Task 2: Perform OS Discovery using Nmap Script Engine (NSE)

Image
  Task 2: Perform OS Discovery using Nmap Script Engine (NSE) Module 03: Scanning Networks Lab 3: Perform OS Discovery Task 2: Perform OS Discovery using Nmap Script Engine (NSE) open zenmap nmap -A [Target IP Address]   = -A: to perform an aggressive scan. nmap -O [Target IP Address]   = -O: performs the OS discovery. nmap --script smb-os-discovery.nse [Target IP Address]   = --script: specifies the customized script and smb-os-discovery.nse: attempts to determine the OS, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139). end Nmap, along with Nmap Script Engine (NSE), can extract considerable valuable information from the target system. In addition to Nmap commands, NSE provides scripts that reveal all sorts of useful information from the target system. Using NSE, you may obtain information such as OS, computer name, domain name, forest name, NetBIOS computer name, NetBIOS domain name, workgroup, system time o...
Read more