The Remote Sync (Rsync) is a utility for transferring and synchronizing files between a computer and a storage drive and across networked computers by comparing the modification times and sizes of files.
Default Port: 873
Banner grabbing
nc -nv $IP 873
Nmap
Nmap is a network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.
Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.
# Default NSE
sudo nmap -sCV -p873 $IP
Manual enumeration
This guide covers some of the ways Rsync can be abused.
nc -vn 127.0.0.1 873
(UNKNOWN) [127.0.0.1] 873 (rsync) open
@RSYNCD: 31.0 <--- You receive this banner with the version from the server
@RSYNCD: 31.0 <--- Then you send the same info
#list <--- Then you ask the server to list
raidroot <--- The server starts enumerating
USBCopy
NAS_Public
_NAS_Recycle_TOSRAID <--- Enumeration finished
@RSYNCD: EXIT <--- Server closes the connection
#Now let's try to enumerate "raidroot"
nc -vn 127.0.0.1 873
(UNKNOWN) [127.0.0.1] 873 (rsync) open
@RSYNCD: 31.0
@RSYNCD: 31.0
raidroot
@RSYNCD: AUTHREQD 7H6CqsHCPG06kRiFkKwD8g <--- This means you need the password
Rsync
Rsync is a fast and extraordinarily versatile file copying tool. This guide is helpful for understanding the syntax for using Rsync over SSH.
# List all available shares (anonymously)
rsync -av --list-only rsync://$IP
# List contents of the share
rsync -av --list-only rsync://$IP/<share>
# Copy/Download files from a shared folder
rsync -av rsync://$IP/<share> ./rsyn_shared
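On the server side, the module listing, the AUTHREQD challenge and the anonymous copy shown above are each governed by per-module settings in rsyncd.conf (list, auth users, read only, hosts allow). The following is an added example, not part of the original page: a small auditor that reports which modules are left exposed. The sample configuration and its paths are constructed, and include directives and [global] sections are not handled.

```python
SAMPLE_CONF = """\
# constructed sample; module names reuse the listing above
read only = no
[raidroot]
path = /srv/raidroot
auth users = backup
secrets file = /etc/rsyncd.secrets
hosts allow = 10.0.0.0/24
read only = yes
[NAS_Public]
path = /srv/public
[USBCopy]
path = /srv/usb
list = no
"""

def parse_rsyncd_conf(text):
    """Return {module: params}; parameters set before the first module are defaults."""
    defaults, modules, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), dict(defaults))
        elif "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            # whitespace in parameter names is not significant; lowercase for lookup
            key = "".join(key.split()).lower()
            (defaults if current is None else current)[key] = value.strip()
    return modules

def enabled(value):
    return value.lower() in ("yes", "true", "1")

def audit(modules):
    """Return {module: [findings]} for settings that leave a module exposed."""
    report = {}
    for name, p in modules.items():
        checks = {
            "listed": enabled(p.get("list", "yes")),            # default: list = yes
            "anonymous": not p.get("authusers"),                # no AUTHREQD challenge
            "writable": not enabled(p.get("readonly", "yes")),  # default: read only = yes
            "any-host": not (p.get("hostsallow") or p.get("hostsdeny")),
        }
        report[name] = [finding for finding, hit in checks.items() if hit]
    return report

if __name__ == "__main__":
    for module, findings in audit(parse_rsyncd_conf(SAMPLE_CONF)).items():
        print(f"{module}: {', '.join(findings) or 'ok'}")
```

In the sample, USBCopy is hidden from the module list by list = no but is still anonymous and writable, so hiding a module does not substitute for auth users and hosts allow.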