killchain-compendium/Enumeration/rsync.md

43 lines
797 B
Markdown
Raw Normal View History

2022-11-13 01:16:26 +01:00
# rsync
* [netspi article]( https://www.netspi.com/blog/technical/network-penetration-testing/linux-hacking-case-studies-part-1-rsync/)
* [hacktricks' rsync](https://book.hacktricks.xyz/pentesting/873-pentesting-rsync)
## Enumerate
```sh
rsync <target-IP>::
rsync <target-IP>::files
rsync <target-IP>::files/foo/
```
2022-12-28 18:02:39 +01:00
2022-11-13 01:16:26 +01:00
### via netcat
2022-12-28 18:02:39 +01:00
2022-11-13 01:16:26 +01:00
* Another way is the following
```sh
nc -vn $TARGET_IP 873
```
* Repeat the identical handshake, e.g.
```
@RSYNCD: 31.0
```
* List all directories
```sh
#list
```
## Downloads
```sh
rsync <user>@<target-IP>::/files/foo/bar.txt .
rsync -r <user>@<target-IP>::/files/foo .
```
2022-12-28 18:02:39 +01:00
Use no credentials at all to connect anonymously.
2022-11-13 01:16:26 +01:00
## Uploads
```sh
rsync authorized_keys <user>@<target-IP>::/files/foo/.ssh/
rsync -r documents <user>@<target-IP>::/files/foo/
```