NFSShell is neat little tool that allows user level access to an NFS server and its NFS shares. It can be used by penetration testers to exploit known issues with the NFS Service typically associated with the port 2049/tcp. A whole host of vulnerabilities are associated with an NFS share being exposed.
The screenshot below shows several simple steps I took to view an NFS share available to mount on the 192.168.0.16 host. I then used the NFSShell tool to export and mount the shares to view the files hosted on the exposed share.
If you have ever Googled for instructions on how to install NFSShell on Ubuntu you might have noticed there aren’t a lot of references on how to do this easily. I found a small number of references online that provide installation instructions but they didn’t work well for me, although I was able to use them as a starting point. With a bit of tweaking this is what worked for me:
Platforms tested:
- Ubuntu 12.04 32bit
- Backtrack 5 R3 32bit.
Pop open a terminal and input the following commands:
1 2 3 4 5 6 | sudo apt-get install libtirpc-dev libncurses-dev wget http://www.cs.vu.nl/pub/leendert/nfsshell.tar.gz tar zxvf nfsshell.tar.gz cd nfs sudo ln -s /usr/include/tirpc/rpc/clnt_soc.h /usr/include/rpc/clnt_soc.h perl -p -i.orig -e 's/getline/getline_nfs/' nfs.c |
Changing some text in the Makefile
Before you can run the make file and install NFSShell you need to make some changes. In your terminal enter:
nano Makefile |
Comment the four lines following:
# uncomment the following 4 lines for Solaris 2.x |
Then, uncomment the 3 lines following:
# uncomment the following 3 lines for linux (tested on 2.0.33/redhat 5) |
To complete the process run the newly amended make file by entering the following into your terminal window:
make |
Provided there are no errors, you have successfully compiled NFSShell. To test to see if your tool is working, type the following in your terminal whilst inside the nfs folder:
./nfs |