NFS

Portmapper and RPCbind run on TCP port 111.

Scaning for NSF

Scan with nmap:

nmap -v -p 111 <ip>-254

Scan with NSE script like rpcinfo:

nmap -sV -p 111 --script=rpcinfo <ip>-254

Collecting details on NSF target

NSE scripts:

nmap -p 111 --script nfs* <ip>

Which might return something like this:

PORT    STATE SERVICE
111/tcp open  rpcbind
| nfs-showmount:
|_  /home <ip>/255.255.0.0

This means we can mount /home on our local host.

Mounting an NSF on your local machine

mkdir <new-dir>
sudo mount -o nolock <ip>:/home <new-dir>

Mounting with NFS version 3:

sudo mount -t nfs -o nolock,nfsvers=3 <ip>:/home <new-dir>

Things to do once you're in

Check the permissions. Try to get the user id and group of permissions, create a new user and change to match both ids. This should give you permission to those files.