PORT STATE SERVICE REASON
873/tcp open rsync syn-ack
Enumeration
Banner & Manual Communication
nc -vn 127.0.0.1 873
(UNKNOWN) [127.0.0.1] 873 (rsync) open
@RSYNCD: 31.0        <--- You receive this banner with the version from the server
@RSYNCD: 31.0        <--- Then you send the same info
#list                <--- Then you ask the server to list
raidroot             <--- The server starts enumerating
USBCopy
NAS_Public
_NAS_Recycle_TOSRAID <--- Enumeration finished
@RSYNCD: EXIT        <--- Server closes the connection

# Now let's try to enumerate "raidroot"
nc -vn 127.0.0.1 873
(UNKNOWN) [127.0.0.1] 873 (rsync) open
@RSYNCD: 31.0
@RSYNCD: 31.0
raidroot
@RSYNCD: AUTHREQD 7H6CqsHCPG06kRiFkKwD8g    <--- This means you need the password
nmap -sV --script "rsync-list-modules" -p <PORT> <IP>
msf> use auxiliary/scanner/rsync/modules_list

# Example with IPv6 and alternate port
rsync -av --list-only rsync://[dead:beef::250:56ff:feb9:e90a]:8730
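Once the module list has been obtained, the next steps depend on whether authentication is required. When no authentication is required, files can be listed and copied from a shared folder to a local directory as follows: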
# Listing a shared folder
rsync -av --list-only rsync://192.168.0.123/shared_name

# Copying files from a shared folder
rsync -av rsync://192.168.0.123:8730/shared_name ./rsyn_shared
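
When auditing your own rsync daemons, the server replies from the manual session above can be classified per module as password-protected or anonymously readable. The following is an added example, not code from the original page: it parses only the server-side lines of that handshake. `OPEN_REPLY` is a constructed sample, the function names are illustrative, and the parser assumes the daemon sends no MOTD text before the module list.

```python
# Added example: classify rsync daemon replies (server-side lines only).
# The first two samples are the server lines from the sessions shown on this page.
LIST_REPLY = ["@RSYNCD: 31.0", "raidroot", "USBCopy", "NAS_Public",
              "_NAS_Recycle_TOSRAID", "@RSYNCD: EXIT"]
MODULE_REPLY = ["@RSYNCD: 31.0", "@RSYNCD: AUTHREQD 7H6CqsHCPG06kRiFkKwD8g"]
# Constructed sample (not from the page): a module that asks for no password.
OPEN_REPLY = ["@RSYNCD: 31.0", "@RSYNCD: OK"]

PREFIX = "@RSYNCD: "


def parse_reply(lines):
    """Extract version, listed modules and auth state from daemon output."""
    info = {"version": None, "modules": [], "auth_required": False,
            "challenge": None, "anonymous_ok": False, "error": None}
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("@ERROR"):
            info["error"] = line.partition(": ")[2]
        elif line.startswith(PREFIX):
            body = line[len(PREFIX):]
            if body.startswith("AUTHREQD"):
                info["auth_required"] = True
                info["challenge"] = body.partition(" ")[2] or None
            elif body == "OK":
                info["anonymous_ok"] = True
            elif body != "EXIT" and info["version"] is None:
                # Greeting; newer daemons append digest names after the version.
                info["version"] = body.split()[0]
        elif line.strip():
            # Listing lines are "name<TAB>comment"; keep only the name.
            info["modules"].append(line.split("\t", 1)[0].strip())
    return info


def exposure(list_reply, module_replies):
    """Map each listed module to 'auth-required', 'anonymous' or 'unknown'."""
    report = {}
    for name in parse_reply(list_reply)["modules"]:
        reply = parse_reply(module_replies.get(name, []))
        report[name] = ("auth-required" if reply["auth_required"]
                        else "anonymous" if reply["anonymous_ok"] else "unknown")
    return report


if __name__ == "__main__":
    print(exposure(LIST_REPLY, {"raidroot": MODULE_REPLY, "USBCopy": OPEN_REPLY}))
```

Any module reported as `anonymous` is readable without credentials and is the one to review first in the daemon's configuration.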