RSync (873)
rsync is a utility for efficiently transferring and synchronizing files between a computer and an external hard drive and across networked computers by comparing the modification times and sizes of files. It is commonly found on Unix-like operating systems. The rsync algorithm is a type of delta encoding and is used to minimize network usage. Zlib may be used for additional data compression, and SSH or stunnel can be used for security.
Enumerate shared folders
An rsync module is essentially a directory share. These modules can optionally be protected by a password. The following commands list the available modules and, optionally, determine whether a module requires a password to access.
nmap -sV --script "rsync-list-modules" -p <PORT> <IP>
msf> use auxiliary/scanner/rsync/modules_list
#Example using IPv6 and a different port
rsync -av --list-only rsync://[dead:beef::250:56ff:feb9:e90a]:8730
List files
rsync rsync://192.168.247.126/fox
Upload a file
rsync -avz temp_ssh_dir/ rsync://192.168.139.126/fox/.ssh/
Note that a module can be configured so that its name is not listed, so there could be something hidden. Also note that some of the listed modules may require (different) credentials to access. Not every listed name will be accessible, and you will notice this when you receive an "Access Denied" message while trying to access one of them.
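On the server side, the exposures described above (modules without a password, writable modules, unlisted modules) can be checked directly in the daemon's rsyncd.conf. The following Python script is an added example, not part of the original page: the sample configuration is constructed and the function names are hypothetical, while auth users, read only, list and hosts allow are standard rsyncd.conf parameters.

```python
SAMPLE_CONF = """\
# constructed sample rsyncd.conf, not taken from a real host
read only = yes
[fox]
path = /home/fox
read only = no
[backup]
path = /srv/backup
list = no
[docs]
path = /srv/docs
auth users = alice
hosts allow = 192.168.0.0/24
"""

def parse_rsyncd_conf(text):
    """Return {module: {param: value}}; modules inherit global parameters."""
    globals_, modules, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), dict(globals_))
        elif "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            target = globals_ if current is None else current
            # rsyncd ignores case and extra whitespace in parameter names
            target[" ".join(key.lower().split())] = value.strip()
    return modules

def is_true(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit(text):
    """Return {module: [findings]}; rsyncd defaults: read only = yes, list = yes."""
    report = {}
    for name, p in parse_rsyncd_conf(text).items():
        anonymous = not p.get("auth users")
        findings = ["anonymous access (no auth users)"] if anonymous else []
        if not is_true(p.get("read only", "yes")):
            findings.append("writable")
        if not p.get("hosts allow"):
            findings.append("no hosts allow restriction")
        if anonymous and not is_true(p.get("list", "yes")):
            findings.append("unlisted (list = no) but not password protected")
        report[name] = findings
    return report

if __name__ == "__main__":
    for module, findings in audit(SAMPLE_CONF).items():
        print(f"[{module}]", "; ".join(findings) or "ok")
```

A module with an empty findings list has auth users set, is read only and is restricted by hosts allow; list = no on its own only removes the name from the module listing.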
Further Links
https://hacktricks.boitatech.com.br/pentesting/873-pentesting-rsync
https://hackviser.com/tactics/pentesting/services/rsync