Skip to content

Latest commit

 

History

History
118 lines (86 loc) · 3.65 KB

modules_list.md

File metadata and controls

118 lines (86 loc) · 3.65 KB
Raw

Description

An rsync module is essentially a directory share. These modules can optionally be protected by a password. This module connects to and negotiates with an rsync server, lists the available modules and, optionally, determines if the module requires a password to access.

Vulnerable Application

Configuring rsync on Kali Linux:

Rsync is installed by default on Kali, however we need to configure some modules for the scanner to find. Step three will create the secrets files which we'll use to test the authentication mechanism. Much of this is based on the guide from atlantic.net.

  1. mkdir /home/public_rsync2; mkdir /home/public_rsync3; mkdir /home/public_rsync

  2. Create the configuration file:

    echo -n "[read only files]
path = /home/public_rsync
comment = Files are read only
read only = true
timeout = 300

[writable]
path = /home/public_rsync2
comment = Files can be written to
read only = false
timeout = 300

[authenticated]
path = /home/public_rsync3
comment = Files require authentication
read only = true
timeout = 300
auth users = rsync1,rsync2
secrets file = /etc/rsyncd.secrets
" > /etc/rsyncd.conf

rsync2:Xyb#vbfUQR0og0$6 rsync3:VU&A1We5DEa8M6^8" > /etc/rsyncd.secrets4.chmod 600 /etc/rsyncd.secrets5.rsync --daemon```

Verification Steps

  1. Do: use auxiliary/scanner/rsync/modules_list
  2. Do: set rhosts [ips]
  3. Do: run

Options

TEST_AUTHENTICATION

Connect to each share and test if authentication is required.

VERBOSE

When set to false, each module will be listed. When set to true each module will be listed, then a summary table will also be printed including if authentication is required, and any module comments. false is the default value.

Scenarios

rsyncd on Kali (using above config)

With verbose set to false:

msf5 > use auxiliary/scanner/rsync/modules_list
msf5 auxiliary(scanner/rsync/modules_list) > set rhosts 10.168.202.216
rhosts => 10.168.202.216
msf5 auxiliary(scanner/rsync/modules_list) > run

[+] 10.168.202.216:873    - 3 rsync modules found: read only files, writable, authenticated

With verbose set to true:

msf5 > use auxiliary/scanner/rsync/modules_list
msf5 auxiliary(scanner/rsync/modules_list) > set rhosts 10.168.202.216
rhosts => 10.168.202.216
msf5 auxiliary(scanner/rsync/modules_list) > set verbose true
verbose => true
msf5 auxiliary(scanner/rsync/modules_list) > run

[+] 10.168.202.216:873    - 3 rsync modules found: read only files, writable, authenticated

rsync modules for 10.168.202.216:873   
=======================================

   Name             Comment                       Authentication
   ----             -------                       --------------
   authenticated    Files require authentication  required
   read only files  Files are read only           not required
   writable         Files can be written to       not required

Confirming

nmap

# nmap -p 873 -sV -script=rsync-list-modules 10.168.202.216
Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-12 16:32 EDT
Nmap scan report for 10.168.202.216
Host is up (0.000045s latency).

PORT    STATE SERVICE VERSION
873/tcp open  rsync   (protocol version 31)
| rsync-list-modules: 
|   read only files	Files are read only
|   writable       	Files can be written to
|_  authenticated  	Files require authentication