An rsync module is essentially a directory share. These modules can optionally be protected by a password. This module connects to and negotiates with an rsync server, lists the available modules and, optionally, determines if the module requires a password to access.
Rsync is installed by default on Kali, however we need to configure some modules for the scanner to find. Step three will create the secrets files which we'll use to test the authentication mechanism. Much of this is based on the guide from atlantic.net.
-
mkdir /home/public_rsync2; mkdir /home/public_rsync3; mkdir /home/public_rsync
-
Create the configuration file:
echo -n "[read only files] path = /home/public_rsync comment = Files are read only read only = true timeout = 300 [writable] path = /home/public_rsync2 comment = Files can be written to read only = false timeout = 300 [authenticated] path = /home/public_rsync3 comment = Files require authentication read only = true timeout = 300 auth users = rsync1,rsync2 secrets file = /etc/rsyncd.secrets " > /etc/rsyncd.conf
-
rsync2:Xyb#vbfUQR0og0$6
rsync3:VU&A1We5DEa8M6^8" > /etc/rsyncd.secrets4.
chmod 600 /etc/rsyncd.secrets5.
rsync --daemon```
- Do:
use auxiliary/scanner/rsync/modules_list
- Do:
set rhosts [ips]
- Do:
run
TEST_AUTHENTICATION
Connect to each share and test if authentication is required.
VERBOSE
When set to false
, each module will be listed. When set to true
each module will be listed, then a summary
table will also be printed including if authentication is required, and any module comments. false
is the default value.
With verbose set to false
:
msf5 > use auxiliary/scanner/rsync/modules_list
msf5 auxiliary(scanner/rsync/modules_list) > set rhosts 10.168.202.216
rhosts => 10.168.202.216
msf5 auxiliary(scanner/rsync/modules_list) > run
[+] 10.168.202.216:873 - 3 rsync modules found: read only files, writable, authenticated
With verbose set to true
:
msf5 > use auxiliary/scanner/rsync/modules_list
msf5 auxiliary(scanner/rsync/modules_list) > set rhosts 10.168.202.216
rhosts => 10.168.202.216
msf5 auxiliary(scanner/rsync/modules_list) > set verbose true
verbose => true
msf5 auxiliary(scanner/rsync/modules_list) > run
[+] 10.168.202.216:873 - 3 rsync modules found: read only files, writable, authenticated
rsync modules for 10.168.202.216:873
=======================================
Name Comment Authentication
---- ------- --------------
authenticated Files require authentication required
read only files Files are read only not required
writable Files can be written to not required
# nmap -p 873 -sV -script=rsync-list-modules 10.168.202.216
Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-12 16:32 EDT
Nmap scan report for 10.168.202.216
Host is up (0.000045s latency).
PORT STATE SERVICE VERSION
873/tcp open rsync (protocol version 31)
| rsync-list-modules:
| read only files Files are read only
| writable Files can be written to
|_ authenticated Files require authentication