# NFS NFS shares are configured in the /etc/exports file. Remote users can mount shares, access create, modify files. By default, created files inherit the remote user's id and group id (as owner and group respectively), even if they don't exist on the NFS server. ## Useful Commands Show the NFS server's export list: ```bash $ showmount -e <target> ``` Similar Nmap script: ```bash $ nmap -sV -script=nfs-showmount <target> ``` Mount an NFS share: ```bash $ mount -o rw,vers=2 <target>:<share> <local_directory> ``` --- ## Root Squashing Root Squashing is how NFS prevent san obvious privilege escalation. If the remote user is (or claims to be) root (uid=0), NFS will instead "squash" the user and treat them as if they are the "nobody" user, in the "nogroup" group. While this behavior is default, it can be disabled. no_root_squash is an NFS configuration option which turns root squashing off. When included in a writable share configuration, a remote user who identifies as "root" can create files on the NFS share as the local root user. The /tmp share is configured with the no_root_squash option: ![[Pasted image 20220806120644.png]] On our local machine check to see if the NFS share is available to mount: ```bash $ showmound -e <address of server> ``` ![[Pasted image 20220806120846.png]] Create a directory we can use as a mount point for the NFS share and mount the nfs share: ```bash $ mkdir /tmp/nfs $ mount -o rw,vers=2 192.168.1.25:/tmp /tmp/nfs ```