SHOWMOUNT

Using rpcinfo, you might be able to find a vulnerable NFS rpc.statd application to exploit. But why go to all that trouble if the victim's NFS is already misconfigured to begin with?

Some system administrators aren't smart with the NFSs they export. Some will even unknowingly export their file systems with full read/write permissions, just waiting for a hacker on the Internet to discover them.

The showmount command lets us see what file systems are available on a particular NFS server.

Implementation

This command shows all the currently mounted directories on the NFS server as well as the hostnames of the clients that have mounted them:

 showmount -a hostname 

The -d flag is similar to -a, but it does not list the client hostnames:

 showmount -d hostname 

The most popular form of the command shows the mount points that are exported and available for mounting over NFS:

 showmount -e hostname 

Sample Output

Here's an example of the currently mounted directories on the originix system:

 # showmount -e originix
 Export list for 192.168.1.100:
 /     (everyone)
 /boot (everyone)

For the benefit of this example, we've carelessly exported all of our files so anyone in the world can mount our root and boot partitions. We can mount either of these exports to a local mount point on our system by issuing the command mount 192.168.1.100:/boot /path/to/remote-boot. This maps the directory /path/to/remote-boot on our system to the /boot directory on 192.168.1.100. Unfortunately, we won't know if the access is read-only or read/write until we mount the share, but we've got access nonetheless. If we see a hostname or IP address in the output instead of "everyone," it might be a little trickier as we'd need to find a way to spoof that hostname or IP address.

Caution 

Be careful using NFS. If you carelessly export a drive to the world and give read/write access to all, anyone in the world who finds your export will be able to write whatever they want to your drive and image a copy for themselves. In almost all cases, exported file systems should never be mountable with read and write permissions without some kind of access control. NFS traffic should be blocked at the firewall to limit the number of people poking around your exports. If you really need the ability to share remote file systems across the Internet, AFS provides a great deal more security.
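One way to check your own servers for the misconfiguration this section warns about, as an added example that is not from the book: the script parses showmount -e output and reports every export whose client list is open to all hosts. The function names, the exit codes and the extra sample lines are assumptions made for this example; besides "(everyone)" it also treats a bare "*" client entry, which some showmount versions print, as open.

```sh
#!/bin/sh
# Added example: flag NFS exports that any client may mount.

# Constructed sample: the first three lines are the output shown above,
# the last two are made up to exercise a restricted and a "*" export.
sample_showmount() {
    cat <<'EOF'
Export list for 192.168.1.100:
/     (everyone)
/boot (everyone)
/srv/data 192.168.1.0/24,192.168.1.50
/pub  *
EOF
}

# Read `showmount -e` output on stdin; print each export path whose
# client list is open to all hosts ("(everyone)" or "*").
world_exports() {
    awk '
        /^Export list for / || NF < 2 { next }   # header, blank lines
        {
            path = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", path)  # drop the client field
            n = split($NF, c, ",")
            for (i = 1; i <= n; i++)
                if (c[i] == "(everyone)" || c[i] == "*") { print path; break }
        }'
}

# Audit one server: 0 = nothing world-mountable, 1 = findings, 2 = query failed.
audit_host() {
    raw=$(showmount -e "$1") || { echo "showmount failed for $1" >&2; return 2; }
    open=$(printf '%s\n' "$raw" | world_exports)
    [ -z "$open" ] && return 0
    printf '%s\n' "$open" | while IFS= read -r p; do
        printf 'WORLD-MOUNTABLE %s:%s\n' "$1" "$p"
    done
    return 1
}

# Usage: sh audit.sh nfs-server   (hostname is supplied by the operator)
if [ "$#" -gt 0 ]; then audit_host "$1"; fi
```

A non-zero exit status makes the script easy to run from cron or a monitoring check against each NFS server you operate.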



Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
EAN: 2147483647
Year: 2006
Pages: 175
