111 - rpcbind

Introduction

Port: 111 (TCP)

Remote Procedure Call (RPC) is an inter-process communication technique to allow client and server software to communicate on a network. Rpcbind accepts port reservations from local RPC services. These ports are then made available so the corresponding remote RPC services can access them. Then, the rpcbind service responds to requests for RPC services and sets up connections to the requested RPC service. For instance, NFS is an RPC service.

Enumeration

Enumerating port 111, you can find Network File System (NFS) mounts, therefore you can access the machine's internal file system.

sudo nmap -sC -sC -p 111 <TARGET>
111/tcp   open  rpcbind       2-4 (RPC #100000)                        
| rpcinfo:         
|   program version    port/proto  service
[...]                         
|   100003  2,3         2049/udp   nfs                                         
|   100003  2,3         2049/udp6  nfs                                         
|   100003  2,3,4       2049/tcp   nfs
|   100003  2,3,4       2049/tcp6  nfs                                         
|   100005  1,2,3       2049/tcp   mountd    
|   100005  1,2,3       2049/tcp6  mountd
|   100005  1,2,3       2049/udp   mountd
|   100005  1,2,3       2049/udp6  mountd
[...]
rpcinfo  <TARGET>

In order to list the mounts available you can use showmount.

showmount -e <TARGET>

Then, you can mount the shared folder on your machine.

mount -t nfs <TARGET>:<REMOTE_FOLDER> <LOCAL_FOLDER> -o nolock

References

Last updated 2 years ago