πŸ’‘
Task 1

What is the default port for rsync?

First, as usual, run the following command in the terminal to scan the target machine for open ports using Nmap.

nmap -sV -p- IP_ADDRESS
Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-15 14:37 EEST
Stats: 0:00:16 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 37.91% done; ETC: 14:38 (0:00:26 remaining)
Nmap scan report for IP_ADDRESS
Host is up (0.067s latency).
Not shown: 65534 closed ports
PORT    STATE SERVICE VERSION
873/tcp open  rsync   (protocol version 31)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 40.12 seconds

873

πŸ’‘
Task 2

How many TCP ports are open on the remote host?

1

πŸ’‘
Task 3

What is the protocol version used by rsync on the remote machine?

31

rsync

If you want to learn more about rsync you can look at the manual page. Here is a short description.

man rsync

Rsync is a fast and extraordinarily versatile file copying tool.
It can copy lo‐ cally, to/from another host over any remote shell,
or to/from a remote rsync daemon. It offers a large number of
options that control every aspect of its behavior and permit very 
flexible specification of the set of files to be copied. It is
famous for its delta-transfer algorithm, which reduces the amount of 
data sent over the network by sending only the differences between 
the source files and the existing files in the destination. Rsync is 
widely used for backups and mirroring and as an improved copy 
command for everyday use.
πŸ’‘
Task 4

What is the most common command name on Linux to interact with rsync?

rsync

πŸ’‘
Task 5

What credentials do you have to pass to rsync in order to use anonymous authentication? anonymous:anonymous, anonymous, None, rsync:rsync

In order to connect to the target machine using rsync and list all the files that reside within, we can use the following command.

rsync --list-only IP_ADDRESS::
# public         	Anonymous Share

None

πŸ’‘
Task 6

What is the option to only list shares and files on rsync? (No need to include the leading – characters)

list-only

πŸ’‘
Submit Flag

We’ve noticed there is a public directory that lives there. Let’s try to access it using the following command.

rsync --list-only IP_ADDRESS::public
# drwxr-xr-x          4.096 2022/10/25 01:02:23 .
# -rw-r--r--             33 2022/10/25 00:32:03 flag.txt

After that, we know that there is a flag.txt file inside the public folder. Based on that, we can specify the SRC (Source) and the DEST (Destination) in order to save the file in our local machine.

rsync IP_ADDRESS::public/flag.txt flag.txt
cat flag.txt

Tagged in:

HackTheBox CTF