111 - rpcbind
Introduction
Port: 111 (TCP)
Remote Procedure Call (RPC) is an inter-process communication technique that lets client and server software communicate over a network. rpcbind accepts port reservations from local RPC services and makes those ports available so that the corresponding RPC services can be reached remotely. It then responds to requests for RPC services and sets up connections to the requested RPC service. NFS, for instance, is an RPC service.
Enumeration
Enumerating port 111 can reveal Network File System (NFS) mounts, through which you can access the machine's internal file system.
sudo nmap -sV -sC -p 111 <TARGET>
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
[...]
| 100003 2,3 2049/udp nfs
| 100003 2,3 2049/udp6 nfs
| 100003 2,3,4 2049/tcp nfs
| 100003 2,3,4 2049/tcp6 nfs
| 100005 1,2,3 2049/tcp mountd
| 100005 1,2,3 2049/tcp6 mountd
| 100005 1,2,3 2049/udp mountd
| 100005 1,2,3 2049/udp6 mountd
[...]
rpcinfo <TARGET>
To list the available mounts, use showmount.
showmount -e <TARGET>
Then, you can mount the shared folder on your machine.
mount -t nfs <TARGET>:<REMOTE_FOLDER> <LOCAL_FOLDER> -o nolock
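When auditing your own hosts, the rpcinfo table that nmap prints above can be parsed to report which RPC services rpcbind advertises and whether NFS versions older than 4 are still registered. The following is an added example, not part of the original page; the sample output (including the status port) is constructed, and the REVIEW set is an assumed policy.

```python
import re
from collections import defaultdict

# Constructed sample in the nmap rpcinfo script format shown above.
SAMPLE = """\
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
|   program version    port/proto  service
|   100000  2,3,4        111/tcp   rpcbind
|   100000  2,3,4        111/udp   rpcbind
|   100003  2,3         2049/udp   nfs
|   100003  2,3,4       2049/tcp   nfs
|   100005  1,2,3       2049/tcp   mountd
|_  100024  1          40213/tcp   status
"""

# Rows look like "| 100003 2,3,4 2049/tcp nfs"; the last row starts with "|_".
ROW = re.compile(r"^\|_?\s*(\d+)\s+([\d,]+)\s+(\d+)/(\w+)\s+(\S+)\s*$")

# Assumption: services an audit should flag; adjust to local policy.
REVIEW = {"nfs", "mountd", "nlockmgr", "status"}

def parse_rpcinfo(text):
    """Return one dict per registered program/transport row; skip other lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # headers, "[...]" elisions and the port line do not match
            prog, vers, port, proto, name = m.groups()
            rows.append({"program": int(prog), "port": int(port), "proto": proto,
                         "versions": [int(v) for v in vers.split(",")], "service": name})
    return rows

def exposure_report(rows):
    """Map each flagged service name to its sorted 'port/proto' endpoints."""
    report = defaultdict(set)
    for r in rows:
        if r["service"] in REVIEW:
            report[r["service"]].add(f'{r["port"]}/{r["proto"]}')
    return {svc: sorted(eps) for svc, eps in report.items()}

def nfs_legacy_versions(rows):
    """NFS versions below 4 still registered (v2/v3 depend on mountd and rpcbind)."""
    return sorted({v for r in rows if r["service"] == "nfs" for v in r["versions"] if v < 4})

if __name__ == "__main__":
    rows = parse_rpcinfo(SAMPLE)
    print(exposure_report(rows))
    print("legacy NFS versions:", nfs_legacy_versions(rows))
```

If the legacy list is empty and only NFSv4 is served, rpcbind and mountd are not needed by NFS clients and port 111 can be filtered at the host firewall.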