RPC 111

#banner grab

nc -nv 10.11.1.72 111

#NMAP

nmap -sV --script=nfs-* 192.168.101.130
nmap -sSUC -p 111 10.10.10.10
nmap -v -p 111 10.11.1.1-254
nmap -sV -p 111 --script=rpcinfo 10.11.1.1-254

#rpcbind

rpcbind -p 192.168.1.101

#rpcinfo

rpcinfo -p 192.168.101.130

#Null session

rpcclient -U "" -N 10.11.1.5

#If connection is successful try:
srvinfo
enumdomusers
enumprivs
enumalsgroups domain
lookupnames administrators
querydominfo
enumdomusers
queryuser redcliff

#Mount NFS shares

showmount -e 10.10.10.10
Then:
sudo mkdir home
sudo mount -o nolock 10.10.10.10:/home ~/home
cd home/ && ls