Nmap Development mailing list archives

Re: version check in nfs-ls?


From: Djalal Harouni <tixxdz () opendz org>
Date: Thu, 14 Apr 2011 00:59:37 +0100

On 2011-04-08 14:24:50 -0500, Daniel Miller wrote:
Hey list,

Ran across an issue with nfs-ls while scanning my HP printer (I was
surprised to see that it had NFS on it!). Here's what I was seeing:

$ sudo nmap --script rpcinfo -p 111,2049 -sU 192.168.1.X

Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-04-08 14:12 CDT
Nmap scan report for 192.168.1.X
Host is up (0.00092s latency).
PORT     STATE  SERVICE
111/udp  open   rpcbind
| rpcinfo:
|   program version   port/proto  service
|   100000  2,2,3,3    34861/udp  rpcbind
|   100000  2,3        34861/112  rpcbind
|   100003  2           2049/112  nfs
|   100003  2           2049/udp  nfs
|   100005  1          34862/112  mountd
|_  100005  1          34862/udp  mountd
2049/udp open  nfs
MAC Address: 00:17:08:XX:XX:XX (Hewlett Packard)

Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
$ sudo nmap --script nfs-ls -p 111,2049 -sU 192.168.1.X

Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-04-08 14:07 CDT
Nmap scan report for 192.168.1.X
Host is up (0.0027s latency).
PORT     STATE  SERVICE
111/udp  open   rpcbind
| nfs-ls:
|   Arguments:
|     maxfiles: 10 (file listing output limited)
|
|   NFS Export /hpmnt/dsk_ram0
|_  ERROR: versions mismatch, nfs v2 - mount v1
2049/udp open  nfs
MAC Address: 00:17:08:XX:XX:XX (Hewlett Packard)

Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds


I'm not sure why this version discrepancy matters. I found the check in
nfs-ls.nse:

  -- use simple check since NFSv1 is not used anymore.
  if (mnt_comm.version ~= nfs_comm.version) then
    rpc.Helper.UnmountPath(mnt_comm, mount)
    return false, string.format("versions mismatch, nfs v%d - mount v%d",
                                nfs_comm.version, mnt_comm.version)
  end


Commenting out this block allows the script to continue, producing this
output:

$ sudo nmap --script nfs-ls -p 111,2049 -sU 192.168.1.X

Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-04-08 14:14 CDT
Nmap scan report for 192.168.1.X
Host is up (0.0019s latency).
PORT     STATE SERVICE
111/udp  open  rpcbind
| nfs-ls:
|   Arguments:
|     maxfiles: 10 (file listing output limited)
|
|   NFS Export: /hpmnt/dsk_ram0
|     PERMISSION  UID  GID  SIZE  MODIFICATION TIME  FILENAME
|     drwxrwxrwx  0    0    512   2011-04-08 10:44   /hpmnt/dsk_ram0
|     drwxrwxrwx  0    0    512   2011-04-08 10:44   PJL
|     drwxrwxrwx  0    0    512   2011-04-08 10:44   PostScript
|     drwxrwx---  0    0    512   2011-04-08 10:44   saveDevice
|_    drwxrwxrwx  7    0    512   2011-04-08 10:44   webServer
2049/udp open  nfs
MAC Address: 00:17:08:XX:XX:XX (Hewlett Packard)

Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds


Anyone able to shed light on this? In what cases is this check necessary?

Hi Dan,

Since the user can use the 'mount.version' and 'nfs.version' to specify
which versions to use, I've added these checks to avoid failures (NFSv3
works only with Mount v3), but it seems that I've missed Mount v1 (too old).

I'll try to do more tests early next week and get back to you, thx.

-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
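The version check discussed in this thread, reworked as an added Python example (not nmap's nfs-ls.nse code and not from either poster): rather than requiring the mount and NFS versions to be equal, it parses an rpcinfo table like the one above and picks the newest pair the protocols allow, so the printer's NFSv2 plus mount v1 combination is accepted while NFSv3 against a mount v1-only server is still reported as a mismatch. The compatibility table (NFSv2 with mount v1 or v2, NFSv3 only with mount v3) is an assumption taken from the protocol specs, and the sample rpcinfo text is constructed for the example.

```python
import re
NFS_PROG, MOUNT_PROG = 100003, 100005  # program numbers from the rpcinfo table

# Assumption from the protocol specs (RFC 1094 / RFC 1813): NFSv2 is served
# with mount v1 or v2, NFSv3 only with mount v3.
COMPATIBLE = {2: {1, 2}, 3: {3}}

# One rpcinfo script row, e.g. "|   100003  2           2049/udp  nfs"
ROW = re.compile(r"^\|?_?\s*(\d+)\s+([\d,]+)\s+(\d+)/(\w+)\s+(\S+)")

# Constructed sample modelled on the printer's rpcinfo output above.
PRINTER_RPCINFO = """\
|   program version   port/proto  service
|   100000  2,2,3,3    34861/udp  rpcbind
|   100000  2,3        34861/tcp  rpcbind
|   100003  2           2049/udp  nfs
|_  100005  1          34862/udp  mountd
"""

def parse_versions(rpcinfo_text, proto="udp"):
    """Return {program: set(versions)} advertised on one transport."""
    found = {}
    for line in rpcinfo_text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(4) == proto:
            versions = {int(v) for v in m.group(2).split(",")}
            found.setdefault(int(m.group(1)), set()).update(versions)
    return found

def choose_versions(nfs_versions, mount_versions, want_nfs=None, want_mount=None):
    """Pick a compatible (nfs, mount) pair, newest first, honouring script-style
    nfs.version / mount.version overrides; returns (False, message) on mismatch."""
    nfs_c = set(nfs_versions) if want_nfs is None else {want_nfs} & set(nfs_versions)
    mnt_c = set(mount_versions) if want_mount is None else {want_mount} & set(mount_versions)
    for nfs_v in sorted(nfs_c & set(COMPATIBLE), reverse=True):
        usable = sorted(COMPATIBLE[nfs_v] & mnt_c, reverse=True)
        if usable:
            return True, (nfs_v, usable[0])
    return False, "versions mismatch, nfs %s - mount %s" % (sorted(nfs_c), sorted(mnt_c))

def negotiate(rpcinfo_text, proto="udp", want_nfs=None, want_mount=None):
    """Parse an rpcinfo table and choose the versions an nfs-ls style mount should use."""
    found = parse_versions(rpcinfo_text, proto)
    return choose_versions(found.get(NFS_PROG, ()), found.get(MOUNT_PROG, ()),
                           want_nfs, want_mount)

if __name__ == "__main__":
    print(negotiate(PRINTER_RPCINFO))              # NFSv2 + mount v1: accepted
    print(negotiate(PRINTER_RPCINFO, want_nfs=3))  # NFSv3 vs mount v1: mismatch
```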
