hands-on lab

Exploiting Vulnerable Network File System (NFS) Shares

Up to 30m
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

Network File System (NFS) is a convenient way to share files over a network providing centralized management. However, NFS can be difficult to secure and is most viable within trusted networks. This Lab illustrates how easy it can be for an attacker to discover and exploit an insecure NFS file share. 

You will use Kali Linux as the platform for launching the attack. Kali Linux includes a variety of security analysis tools by default. The target is a Metasploitable 2 Linux host. Both hosts are running as virtual machines in a Hyper-V virtual environment.

This Lab is designed for the CREST Practitioner Security Analyst (CPSA) certification examination but is of value to security practitioners in general.

Learning Objectives

Upon completion of this Lab you will be able to:

  • Scan remote systems for NFS access using Nmap
  • Mount NFS shares on Linux
  • Learn about the kinds of sensitive information attackers may target
  • Describe the options available for securing NFS shares when they must be used

Intended Audience

This Lab is intended for:

  • CREST CPSA certification examinees
  • Security practitioners
  • System administrators


You should be familiar with:

  • Working at the command-line in Linux

You can fulfill the prerequisites by completing the Linux Command Line Byte Session Learning Path.


October 18th, 2021 - Provided a workaround for the Kali keyring being outdated

July 10th, 2020 - Enabled direct browser RDP connection for a streamlined experience


Environment before
Environment after
About the author
Logan Rakai, opens in a new tab
Lead Content Developer - Labs
Learning paths

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.

LinkedIn, Twitter, GitHub

Covered topics
Lab steps
Exploiting Vulnerable Network File System (NFS) Shares