<summary><strong>htARTE (HackTricks AWS Red Team Expert)</strong><ahref="https://training.hacktricks.xyz/courses/arte"><strong>!HackTricks AWS Red Team Expert</strong></a><strong>!</strong></summary>
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
RPCbind is a service that maps RPC (Remote Procedure Call) program numbers to network addresses. It is commonly used in Unix-like operating systems to manage RPC services.
To enumerate RPCbind, you can use the `rpcinfo` command. This command allows you to query the RPCbind service for information about registered RPC programs.
To list all the registered RPC programs, you can run the following command:
Replace `<target_ip>` with the IP address of the target machine.
The output will display the program number, version number, transport protocol, and program name for each registered RPC program.
#### Exploiting RPCbind
RPCbind can be exploited in various ways, such as:
- **Port scanning**: RPCbind can be used to identify open ports on a target machine. By querying RPCbind on different ports, you can determine which ports are open and potentially vulnerable.
- **Denial of Service (DoS)**: RPCbind can be targeted with a DoS attack by flooding it with a large number of requests. This can overwhelm the service and cause it to become unresponsive.
- **Information disclosure**: RPCbind can sometimes leak sensitive information, such as the names of registered RPC programs or the IP addresses of the machines running those programs. This information can be useful for further exploitation.
#### Mitigating RPCbind vulnerabilities
To mitigate vulnerabilities associated with RPCbind, you can take the following steps:
- **Disable unnecessary RPC services**: If you are not using RPC services, it is recommended to disable them to reduce the attack surface.
- **Filter RPC traffic**: Use firewalls or network access control lists (ACLs) to restrict RPC traffic to trusted sources only.
- **Keep RPCbind up to date**: Regularly update RPCbind to ensure that any known vulnerabilities are patched.
- **Monitor RPCbind activity**: Monitor RPCbind logs for any suspicious activity or unauthorized access attempts.
#### Conclusion
RPCbind is a commonly used service in Unix-like operating systems. By enumerating and understanding its vulnerabilities, you can better secure your systems and protect against potential attacks.
When conducting a **nmap scan** and discovering open NFS ports with port 111 being filtered, direct exploitation of these ports is not feasible. However, by **simulating a portmapper service locally and creating a tunnel from your machine** to the target, exploitation becomes possible using standard tools. This technique allows for bypassing the filtered state of port 111, thus enabling access to NFS services. For detailed guidance on this method, refer to the article available at [this link](https://medium.com/@sebnemK/how-to-bypass-filtered-portmapper-port-111-27cee52416bc).
Portmapper is a service that is utilized for mapping network service ports to RPC (Remote Procedure Call) program numbers. It acts as a critical component in Unix-based systems, facilitating the exchange of information between these systems. The port associated with Portmapper is frequently scanned by attackers as it can reveal valuable information. This information includes the type of Unix Operating System (OS) running and details about the services that are available on the system. Additionally, Portmapper is commonly used in conjunction with NFS (Network File System), NIS (Network Information Service), and other RPC-based services to manage network services effectively.
<summary><strong>Learn AWS hacking from zero to hero with</strong><ahref="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
