Port 111/135 – RPC/MSRPC
How to enumerate port 111/135 (RPC/MSRPC)
Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program located on another machine on a network without having to understand the network’s details. A procedure call is also sometimes known as a function call or a subroutine call.
# Run all NFS scripts
nmap -sV --script="nfs-*" 192.168.1.101
The rpcbind utility is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine.
rpcinfo 192.168.1.101
Probe rpcbind on host using version 2 of the rpcbind protocol, and display a list of all registered RPC programs. If host is not specified, it defaults to the local host. Note that version 2 of the rpcbind protocol was previously known as the portmapper protocol.
rpcinfo -p 192.168.1.101
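The list that rpcinfo -p prints can be checked against the RPC services a host is expected to register. The following is an added example, not part of the original page: the sample output is constructed, and the function name audit_rpc and the allowlist contents are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: audit `rpcinfo -p` output against an allowlist of expected
# RPC services. The sample output below is constructed, not captured.

# Constructed sample in the column layout printed by `rpcinfo -p`.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100005    3   udp  20048  mountd
    100024    1   tcp  40123  status
EOF
}

# audit_rpc ALLOWLIST: reads `rpcinfo -p` output on stdin and prints one line
# per unique service/proto/port whose service name is not in the
# space-separated ALLOWLIST (hypothetical helper name).
audit_rpc() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 && $1 == "program" { next }      # skip the header row
        NF < 4 { next }                          # skip malformed lines
        {
            # The service column can be empty for unnamed program numbers.
            name = (NF >= 5) ? $5 : "prog-" $1
            key = name "/" $3 "/" $4
            if (!(name in ok) && !(key in seen)) {
                seen[key] = 1
                print "UNEXPECTED " key
            }
        }'
}

# Against a host you administer (assumes rpcinfo is installed):
#   rpcinfo -p 192.168.1.101 | audit_rpc "portmapper status"
sample_rpcinfo | audit_rpc "portmapper status"
```

Any line it prints is a registered program to either justify or filter at the host firewall, since rpcbind discloses the port of every service registered with it.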
rpcclient is a utility initially developed to test MS-RPC functionality in Samba itself. It has undergone several stages of development and stability. Many system administrators have now written scripts around it to manage Windows NT clients from their UNIX workstation.
rpcclient -I 192.168.1.101 192.168.1.101
Enumerate NFS Shares:
showmount -e 192.168.1.101
Mount NFS Share:
mount -t nfs -o nolock 192.168.1.101:/home/machine /tmp/mnt