PORT STATE SERVICE REASON
873/tcp open rsync syn-ack
列挙
バナー&マニュアル通信
nc-vn127.0.0.1873(UNKNOWN) [127.0.0.1] 873 (rsync) open@RSYNCD:31.0<---Youreceivethisbannerwiththeversionfromtheserver@RSYNCD:31.0<---Thenyousendthesameinfo#list <--- Then you ask the sever to listraidroot<---TheserverstartsenumeratingUSBCopyNAS_Public_NAS_Recycle_TOSRAID<---Enumerationfinished@RSYNCD:EXIT<---Severclosestheconnection#Now lets try to enumerate "raidroot"nc-vn127.0.0.1873(UNKNOWN) [127.0.0.1] 873 (rsync) open@RSYNCD:31.0@RSYNCD:31.0raidroot@RSYNCD:AUTHREQD7H6CqsHCPG06kRiFkKwD8g<---Thismeansyouneedthepassword
nmap-sV--script"rsync-list-modules"-p<PORT><IP>msf>useauxiliary/scanner/rsync/modules_list# Example with IPv6 and alternate portrsync-av--list-onlyrsync://[dead:beef::250:56ff:feb9:e90a]:8730
Be aware that some shares might not appear in the list, possibly hiding them. Additionally, accessing some shares might be restricted to specific credentials, indicated by an "Access Denied" message.
Upon obtaining a module list, actions depend on whether authentication is needed. Without authentication, listing and copying files from a shared folder to a local directory is achieved through:
# Listing a shared folderrsync-av--list-onlyrsync://192.168.0.123/shared_name# Copying files from a shared folderrsync-avrsync://192.168.0.123:8730/shared_name./rsyn_shared