Port 111/tcp - RPCBind

Provides information between Unix based systems. Port is often probed, it can be used to fingerprint the Nix OS, and to obtain information about available services. Port used with NFS, NIS or others..

Enumeration

We can enumerate RPCBind service with rpcinfo or nmap:

rpcinfo ip-addr
nmap -sSUC -p 111 ip-addr

Example output of rpcinfo:

program version netid     address                service    owner
    100000    4    tcp6      ::.0.111               portmapper superuser
    100000    3    tcp6      ::.0.111               portmapper superuser
    100000    4    udp6      ::.0.111               portmapper superuser
    100000    3    udp6      ::.0.111               portmapper superuser
    100000    4    tcp       0.0.0.0.0.111          portmapper superuser
    100000    3    tcp       0.0.0.0.0.111          portmapper superuser
    100000    2    udp       0.0.0.0.0.111          portmapper superuser
    100000    4    local     /run/rpcbind.sock      portmapper superuser
    100000    3    local     /run/rpcbind.sock      portmapper superuser
    100005    1    udp       0.0.0.0.128.213        mountd     superuser
    100005    1    tcp       0.0.0.0.208.235        mountd     superuser
    100005    1    udp6      ::.163.28              mountd     superuser
    100005    1    tcp6      ::.183.211             mountd     superuser
    100005    2    udp       0.0.0.0.190.193        mountd     superuser
    100005    2    tcp       0.0.0.0.188.127        mountd     superuser
    100005    2    udp6      ::.233.215             mountd     superuser
    100005    2    tcp6      ::.165.45              mountd     superuser
    100005    3    udp       0.0.0.0.130.78         mountd     superuser
    100005    3    tcp       0.0.0.0.148.209        mountd     superuser
    100005    3    udp6      ::.150.143             mountd     superuser
    100005    3    tcp6      ::.217.45              mountd     superuser
    100003    2    tcp       0.0.0.0.8.1            nfs        superuser
    100003    3    tcp       0.0.0.0.8.1            nfs        superuser
    100003    4    tcp       0.0.0.0.8.1            nfs        superuser
    100227    2    tcp       0.0.0.0.8.1            -          superuser
    100227    3    tcp       0.0.0.0.8.1            -          superuser
    100003    2    udp       0.0.0.0.8.1            nfs        superuser
    100003    3    udp       0.0.0.0.8.1            nfs        superuser
    100003    4    udp       0.0.0.0.8.1            nfs        superuser
    100227    2    udp       0.0.0.0.8.1            -          superuser
    100227    3    udp       0.0.0.0.8.1            -          superuser
    100003    2    tcp6      ::.8.1                 nfs        superuser
    100003    3    tcp6      ::.8.1                 nfs        superuser
    100003    4    tcp6      ::.8.1                 nfs        superuser
    100227    2    tcp6      ::.8.1                 -          superuser
    100227    3    tcp6      ::.8.1                 -          superuser
    100003    2    udp6      ::.8.1                 nfs        superuser
    100003    3    udp6      ::.8.1                 nfs        superuser
    100003    4    udp6      ::.8.1                 nfs        superuser
    100227    2    udp6      ::.8.1                 -          superuser
    100227    3    udp6      ::.8.1                 -          superuser
    100021    1    udp       0.0.0.0.167.136        nlockmgr   superuser
    100021    4    tcp       0.0.0.0.174.121        nlockmgr   superuser
    100021    1    udp6      ::.164.129             nlockmgr   superuser
    100021    1    tcp6      ::.130.83              nlockmgr   superuser

NFS

If you find the service NFS then probably you will be able to list and download(and maybe upload) files:

nmap -p 2049 -sV --script nfs-\* ip-addr
showmount -e ip-addr

After finding the nfs folder we can mount these shares in our filesystem:

sudo mount -o nolock -t nfs [-o vers=2] <ip-addr>:<remote_folder> <local_folder>

More info in:

PORT 2049/tcp - NFS

References:

PreviousPort 80,443/tcp - HTTPNextPORT 143,993/tcp - IMAP

Last updated