# Ports 2049 | NFS ### Enumeration ```bash nmap --script nfs-ls,nfs-showmount,nfs-statfs showmount -e # Metasploit use auxiliary/scanner/nfs/nfsmount ``` In the example below `nmap` has identified `/home/simon *` as being mountable. The asterisk dictates any address can mount this file path. ![](https://1600278159-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MFlgUPYI8q83vG2IJpI%2Fuploads%2Fgit-blob-b19e33cb8dc9427c6bfe5d1b91c46d3e5f52b25d%2Fimage.png?alt=media) ### Mounting To mount an export first create a directory on the attacking machine. ```markup sudo mkdir /mount/ ``` Then use the command below to mount to the directory just created. ```markup sudo mount -t nfs : /mount/ -o nolock ``` ![](https://1600278159-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MFlgUPYI8q83vG2IJpI%2Fuploads%2Fgit-blob-9f92a1cf200d416f87b68c76d253ff1a050227db%2Fimage.png?alt=media) ### Mount Confirmation Running the command mount will list available mounted paths. Using grep we can filter for relevant paths. ```markup mount ``` ![](https://1600278159-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MFlgUPYI8q83vG2IJpI%2Fuploads%2Fgit-blob-399a5ca0996da45f913202be15f9f1e4c3059a8a%2Fimage.png?alt=media) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://viperone.gitbook.io/pentest-everything/everything/ports/ports-2049-nfs.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.