Network File System (NFS) allows you to mount and access files on a remote system as if they were on your local machine. The RPC portmapper binds to port 111, and you can use that port to enumerate other RPC services (the rpcinfo nmap script).
You can then use the nmap scripts to gather as much info on the nfs side as possible.
nmap -p 111 --script "nfs*" $IP
Then you can mount the shared drive to your own machine and dig into it.
sudo mount -o nolock $IP:/$shareDirectory $localMount
If you cannot access the file:
- You may need to check which UID is allowed to view the file (-n prints the numeric owner ID):
ls -ln
- Then create a new user on your local machine:
sudo adduser $user
- Change the UID of the newly created user (only on that user's line, so no other entry is touched):
sudo sed -i -e "/^$user:/ s/:[CURRENTUID]:/:[NEWUID]:/" /etc/passwd
- Check and make sure the command ran properly:
grep "^$user:" /etc/passwd
su to the new user and read away.
Useful nmap scripts: rpcinfo.nse nfs-ls.nse nfs-showmount.nse nfs-statfs.nse
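The UID-matching steps above work because an export using the default AUTH_SYS security flavor trusts whatever UID the client presents. The following is an added example, not part of the original notes: a server-side check that flags export entries exposed to this. It assumes the standard /etc/exports layout of `path client(options)` without quoted paths or line continuations, and the sample paths and hosts are constructed.

```python
import re

# Constructed sample /etc/exports (hypothetical paths and hosts, not from the page).
SAMPLE_EXPORTS = """\
# path        client(options)
/srv/share    *(rw,sync,no_root_squash)
/srv/home     192.168.1.0/24(rw,sync)
/srv/secure   10.0.0.5(rw,sec=krb5p)
/srv/pub      *(ro,all_squash)
"""

# One client field: optional host spec followed by optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^)]*)\))?$")

def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = CLIENT_RE.match(spec)
            if not m:
                continue
            host = m.group(1) or "*"             # empty client field matches every host
            opts = [o for o in (m.group(2) or "").split(",") if o]
            flavors = ["sys"]                    # sec=sys is the default flavor
            for o in opts:
                if o.startswith("sec="):
                    flavors = o[4:].split(":")
            if host == "*":
                findings.append((path, host, "any host may mount this export"))
            # all_squash maps every client UID to the anonymous user,
            # so a matching local UID no longer grants the owner's access.
            if "sys" in flavors and "all_squash" not in opts:
                findings.append((path, host, "AUTH_SYS: client-asserted UID/GID is trusted"))
            if "no_root_squash" in opts:
                findings.append((path, host, "no_root_squash: client root acts as server root"))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} [{client}] {finding}")
```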