# NFS Isn’t Just File Sharing — It’s RPC in Disguise

<figure><img src="/files/yeJP24vs02HWbUThqtWE" alt=""><figcaption></figcaption></figure>

While rooting the **Irked** box on Hack The Box, I went down a rabbit hole that started with a simple NFS share… and ended with a deeper understanding of the protocols that keep it alive.

You see, most people (including me, once) treat **NFS** like some magical file sharing service.

📂 “Just mount the share and get the loot,” right?

Wrong.

Here's the twist:\
**NFS is entirely dependent on Remote Procedure Call (RPC)** under the hood.

🔍 When you attempt to mount an NFS export:

* Your system doesn’t talk to the NFS server directly.
* It first contacts `rpcbind` to discover which random ports the NFS services (`mountd`, `nfsd`, `lockd`, etc.) are listening on.
* Each service handles a different part of the operation — mounting, file locking, recovery — all orchestrated over dynamic ports discovered via RPC.

Without RPC?\
🚫 NFS can’t find its own legs. You’ll be stuck in limbo with cryptic errors and no mount in sight.

🔥 In Irked, understanding this architecture helped me:

* Identify exposed NFS services
* Mount the right exports
* Avoid red herrings during privilege escalation

💡 Takeaway: If you’re pentesting or securing a Linux environment, **never treat NFS as just file sharing**.\
It’s a web of RPC calls, port negotiation, and daemons whispering across the network.

Next time NFS throws an error, remember:

> “It’s not the NFS that failed. It’s the gods of RPC you forgot to please.”

## References

* <https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/4/html/reference_guide/ch-nfs>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.wehost.co.in/blog/nfs-isnt-just-file-sharing-its-rpc-in-disguise.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.