Nmap Development mailing list archives
version check in nfs-ls?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 8 Apr 2011 14:24:50 -0500
Hey list,

Ran across an issue with nfs-ls while scanning my HP printer (I was surprised to see that it had NFS on it!). Here's what I was seeing:

$ sudo nmap --script rpcinfo -p 111,2049 -sU 192.168.1.X
Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-04-08 14:12 CDT
Nmap scan report for 192.168.1.X
Host is up (0.00092s latency).
PORT STATE SERVICE
111/udp open rpcbind
| rpcinfo:
| program version port/proto service
| 100000 2,2,3,3 34861/udp rpcbind
| 100000 2,3 34861/112 rpcbind
| 100003 2 2049/112 nfs
| 100003 2 2049/udp nfs
| 100005 1 34862/112 mountd
|_ 100005 1 34862/udp mountd
2049/udp open nfs
MAC Address: 00:17:08:XX:XX:XX (Hewlett Packard)
Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds

$ sudo nmap --script nfs-ls -p 111,2049 -sU 192.168.1.X
Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-04-08 14:07 CDT
Nmap scan report for 192.168.1.X
Host is up (0.0027s latency).
PORT STATE SERVICE
111/udp open rpcbind
| nfs-ls:
| Arguments:
| maxfiles: 10 (file listing output limited)
|
| NFS Export /hpmnt/dsk_ram0
|_ ERROR: versions mismatch, nfs v2 - mount v1
2049/udp open nfs
MAC Address: 00:17:08:XX:XX:XX (Hewlett Packard)
Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds
I'm not sure why this version discrepancy matters. I found the check in nfs-ls.nse:
-- use simple chack since NFSv1 is not used anymore.
if (mnt_comm.version ~= nfs_comm.version) then
  rpc.Helper.UnmountPath(mnt_comm, mount)
  return false, string.format("versions mismatch, nfs v%d - mount v%d",
                              nfs_comm.version, mnt_comm.version)
end
Commenting out this block allows the script to continue, producing this output:
$ sudo nmap --script nfs-ls -p 111,2049 -sU 192.168.1.X
Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-04-08 14:14 CDT
Nmap scan report for 192.168.1.X
Host is up (0.0019s latency).
PORT STATE SERVICE
111/udp open rpcbind
| nfs-ls:
| Arguments:
| maxfiles: 10 (file listing output limited)
|
| NFS Export: /hpmnt/dsk_ram0
| PERMISSION UID GID SIZE MODIFICATION TIME FILENAME
| drwxrwxrwx 0 0 512 2011-04-08 10:44 /hpmnt/dsk_ram0
| drwxrwxrwx 0 0 512 2011-04-08 10:44 PJL
| drwxrwxrwx 0 0 512 2011-04-08 10:44 PostScript
| drwxrwx--- 0 0 512 2011-04-08 10:44 saveDevice
|_ drwxrwxrwx 7 0 512 2011-04-08 10:44 webServer
2049/udp open nfs
MAC Address: 00:17:08:XX:XX:XX (Hewlett Packard)
Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
Anyone able to shed light on this? In what cases is this check necessary?

Possibly related: I have been unable to mount the directory with mount.nfs.

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
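
Added example, not part of the original message and not code from nfs-ls.nse or the Nmap rpc library: RFC 1094 defines MOUNT version 1 alongside NFS version 2, and RFC 1813 defines MOUNT version 3 alongside NFS version 3, so the two version numbers are not expected to be equal for NFSv2. The sketch below parses the rpcinfo rows from the scan above and picks an NFS/MOUNT pair by compatibility instead of equality; the names COMPAT, parse_rpcinfo and pick_pair are hypothetical.

```lua
-- Added example: not code from nfs-ls.nse or the rpc library.
-- MOUNT versions that can serve each NFS version:
-- RFC 1094 pairs NFSv2 with MOUNT v1, RFC 1813 pairs NFSv3 with MOUNT v3.
local COMPAT = { [2] = { 1 }, [3] = { 3 } }

-- rpcinfo rows copied from the scan output in the message above.
local sample = [[
100000 2,2,3,3 34861/udp rpcbind
100000 2,3 34861/112 rpcbind
100003 2 2049/112 nfs
100003 2 2049/udp nfs
100005 1 34862/112 mountd
100005 1 34862/udp mountd
]]

-- Parse rows into versions[service][proto][version] = true.
local function parse_rpcinfo(text)
  local versions = {}
  for line in text:gmatch("[^\n]+") do
    local vers, proto, svc =
      line:match("^%s*%d+%s+([%d,]+)%s+%d+/(%S+)%s+(%S+)")
    if vers then
      versions[svc] = versions[svc] or {}
      versions[svc][proto] = versions[svc][proto] or {}
      for v in vers:gmatch("%d+") do
        versions[svc][proto][tonumber(v)] = true
      end
    end
  end
  return versions
end

-- Pick the highest NFS version that has a compatible MOUNT version on proto.
local function pick_pair(versions, proto)
  local nfs = (versions.nfs or {})[proto] or {}
  local mnt = (versions.mountd or {})[proto] or {}
  for _, nfs_v in ipairs({ 3, 2 }) do
    if nfs[nfs_v] then
      for _, mnt_v in ipairs(COMPAT[nfs_v]) do
        if mnt[mnt_v] then return nfs_v, mnt_v end
      end
    end
  end
  return nil, "no compatible nfs/mount version pair advertised"
end

local nfs_v, mnt_v = pick_pair(parse_rpcinfo(sample), "udp")
print(("nfs v%s - mount v%s"):format(tostring(nfs_v), tostring(mnt_v)))
```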