RSYNC

So according to this article rsync is merely another network share.

873 - Pentesting Rsync - HackTricksbook.hacktricks.xyz

PORT    STATE SERVICE REASON         VERSION
873/tcp open  rsync   syn-ack ttl 63 (protocol version 31)
|_banner: @RSYNCD: 31.0
| rsync-list-modules: 
|_  fox            	fox home

We can list the contents of the fox share by doing the following command.

rsync -av --list-only rsync://192.168.143.126/fox           
receiving incremental file list
drwxr-xr-x          4,096 2021/01/21 09:21:59 .
lrwxrwxrwx              9 2020/12/03 15:22:42 .bash_history -> /dev/null
-rw-r--r--            220 2019/04/18 00:12:36 .bash_logout
-rw-r--r--          3,526 2019/04/18 00:12:36 .bashrc
-rw-r--r--            807 2019/04/18 00:12:36 .profile

sent 20 bytes  received 136 bytes  312.00 bytes/sec
total size is 4,562  speedup is 29.24

According to the article since in this case we didnt have authentication needed we could also upload files to the current directory. It so happens that we are the home folder of the user fox. So we can upload an authorized_keys file in the .ssh/ folder with our own public key and we will be able to get in.

PreviousSSH NextExploitation

Last updated 3 years ago