From 1bd88497c130003d0377b5198134e599d89dc1ba Mon Sep 17 00:00:00 2001 From: whackx Date: Sun, 13 Aug 2023 22:57:52 +0200 Subject: [PATCH] added information --- Enumeration/NFS.md | 41 ++++++++++++++++++++++++++++++++++++----- Enumeration/rsync.md | 41 +++++++++++++++++++++++++++++++---------- 2 files changed, 67 insertions(+), 15 deletions(-) diff --git a/Enumeration/NFS.md b/Enumeration/NFS.md index e3e8749..4f3c858 100644 --- a/Enumeration/NFS.md +++ b/Enumeration/NFS.md 
@@ -1,12 +1,43 @@ # NFS Enumeration -## Find Mounts -* `rpcinfo -p $TARGET_IP` -* `showmount -e $TARGET_IP` +The Network File System (NFS) is a distributed file system protocol that allows +clients in a network to access and interact with files and directories on +remote servers as if they were local. Developed by Sun Microsystems in the +1980s, NFS is designed to enable efficient sharing and management of files +across different operating systems and platforms. -## Mount +NFS operates based on a client-server model, where the client is the system +that requests access to files or directories, and the server is the system that +holds and manages these resources. The NFS protocol defines a set of operations +that clients can use to perform file-related tasks, such as reading, writing, +creating, deleting, and listing files and directories. + +## Find NFS Shares on the Network + +NFS provides a level of transparency to the user and applications. Remote files +and directories are accessed just like local ones, with no need for the user to +be aware of the underlying network communication. You just have to find the shares. + +You can look for NFS mounts on a network using the following command + +```sh +rpcinfo -p $TARGET_IP +``` + +or another alternative is + +```sh +showmount -e $TARGET_IP +``` + +## Mount NFS Shares + +Clients can "mount" remote directories onto their local file system, making the +remote files and directories appear as if they are part of the client's own +file system hierarchy. + +Mount a share via the following command ```sh mount -t nfs $TARGET_IP /tmp/nfsfiles ``` - diff --git a/Enumeration/rsync.md b/Enumeration/rsync.md index d875ac6..eec1912 100644 --- a/Enumeration/rsync.md +++ b/Enumeration/rsync.md 
@@ -1,9 +1,13 @@ # rsync -* [netspi article]( https://www.netspi.com/blog/technical/network-penetration-testing/linux-hacking-case-studies-part-1-rsync/) -* [hacktricks' rsync](https://book.hacktricks.xyz/pentesting/873-pentesting-rsync) +> rsync is an open source utility that provides fast incremental file transfer. +> rsync is freely available under the GNU General Public License and is currently +> being maintained by Wayne Davison. +> -- [rsync.samba.org](rsync.samba.org) -## Enumerate +## Enumerate via rsync + +Enumerate files and directories via rsync in the following ways ```sh rsync :: @@ -11,32 +15,49 @@ rsync ::files rsync ::files/foo/ ``` -### via netcat +### Enumerate through rsync protocol via netcat + +Another way is the following -* Another way is the following ```sh nc -vn $TARGET_IP 873 ``` -* Repeat the identical handshake, e.g. + +Repeat the handshake identical to the rsync binary, e.g. + ``` @RSYNCD: 31.0 ``` -* List all directories + +Afterwards you are able to list all directories + ```sh #list ``` -## Downloads +## Downloads via rsync + +Download files and directories through rsynv via the following commands ```sh rsync @::/files/foo/bar.txt . rsync -r @::/files/foo . ``` -Use no credentials at all to connect anonymously. -## Uploads +Login anonymously might work out in some cases, use no credentials at all to connect anonymously. + +## Uploads via rsync + +Upload files and directories through rsynv via the following commands ```sh rsync authorized_keys @::/files/foo/.ssh/ rsync -r documents @::/files/foo/ ``` + +## References + +* [rsync webpage](rsync.samba.org) +* [netspi article]( https://www.netspi.com/blog/technical/network-penetration-testing/linux-hacking-case-studies-part-1-rsync/) +* [hacktricks' rsync](https://book.hacktricks.xyz/pentesting/873-pentesting-rsync) +
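Review bot: the mount example that closes the Enumeration/NFS.md hunk, `mount -t nfs $TARGET_IP /tmp/nfsfiles`, names no export, and an NFS mount expects a `host:/path` source. Suggest `mount -t nfs $TARGET_IP:/<export> /tmp/nfsfiles`, with the path taken from the `showmount -e` output. In the same hunk, the new sentence "You can look for NFS mounts on a network using the following command" introduces `rpcinfo -p`, which lists the RPC programs registered on the host rather than its exports; describing it as a check that nfs and mountd are registered, followed by `showmount -e` for the export list, would be more accurate. The lead-in sentences that end in "command" should end with a colon.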
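Review bot: the attribution link under the new quote in the first Enumeration/rsync.md hunk, `[rsync.samba.org](rsync.samba.org)`, has no scheme, so Markdown renderers resolve it as a path relative to the repository; use `https://rsync.samba.org`. The lead-in "Enumerate files and directories via rsync in the following ways" should end with a colon, and the `rsync ::` examples as shown carry no host before `::`, so a placeholder such as the `$TARGET_IP` used in the netcat example would make them consistent with the rest of the file.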
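Review bot: "rsynv" in the two new lead-ins under "Downloads via rsync" and "Uploads via rsync" in the second Enumeration/rsync.md hunk is a typo for rsync. In the same hunk, the `#list` block is fenced as `sh`, but it is input typed into the netcat session rather than a shell command, and shell highlighting renders it as a comment; an untagged fence like the one around `@RSYNCD: 31.0` fits better. The sentence "Login anonymously might work out in some cases, use no credentials at all to connect anonymously." says the same thing twice and could be shortened to one clause, and `[rsync webpage](rsync.samba.org)` under References needs the `https://` scheme to resolve.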