# **Basic Information** According to [HTB Academy](https://academy.hackthebox.com/module/112/section/1240): > [Rsync](https://linux.die.net/man/1/rsync) is a fast and efficient tool for locally and remotely copying files. It can be used to copy files locally on a given machine and to/from remote hosts. It is highly versatile and well-known for its delta-transfer algorithm. This algorithm reduces the amount of data transmitted over the network when a version of the file already exists on the destination host. It does this by sending only the differences between the source files and the older version of the files that reside on the destination server. It is often used for backups and mirroring. It finds files that need to be transferred by looking at files that have changed in size or the last modified time. By default, it uses port `873` and can be configured to use SSH for secure file transfers by piggybacking on top of an established SSH server connection. # **Enumeration** - Listing the contents of a shared folder on a target server and retrieving files can be done without authentication - Other times valid credentials will be required, always check for password reuse ## **Scanning** ```bash # default scan sudo nmap -sV -p 873 <target_ip> ``` ## **Shares** ```bash # list available shares nc -nv <target_ip> 873 list # enumerate open share rsync -av --list-only rsync://<target_ip>/<share_name> # pull files from the target server rsync -av rsync://<target_ip>/<share_name> # use rsync over ssh rsync -av rsync://<target_ip>/<share_name> -e ssh rsync -av rsync://<target_ip>/<share_name> -e "ssh -p2222" ``` # **References** - [Transfer Files with Rsync over SSH](https://phoenixnap.com/kb/how-to-rsync-over-ssh) # **Practical Application** | Platform | Name | Notes | | -------- | ---- | ----- | | | | |