killchain-compendium/Enumeration/rsync.md

rsync

rsync is an open source utility that provides fast incremental file transfer. rsync is freely available under the GNU General Public License and is currently being maintained by Wayne Davison. -- rsync.samba.org

Enumerate via rsync

Enumerate files and directories via rsync in the following ways

rsync <target-IP>::
rsync <target-IP>::files
rsync <target-IP>::files/foo/

Enumerate through rsync protocol via netcat

Another way is the following

nc -vn $TARGET_IP 873

Repeat the handshake identical to the rsync binary, e.g.

@RSYNCD: 31.0

Afterwards you are able to list all directories

#list

Downloads via rsync

Download files and directories through rsynv via the following commands

rsync <user>@<target-IP>::/files/foo/bar.txt .
rsync -r <user>@<target-IP>::/files/foo .

Login anonymously might work out in some cases, use no credentials at all to connect anonymously.

Uploads via rsync

Upload files and directories through rsynv via the following commands

rsync authorized_keys <user>@<target-IP>::/files/foo/.ssh/
rsync -r documents <user>@<target-IP>::/files/foo/

References

• rsync webpage
• netspi article
• hacktricks' rsync