adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
metasploit-gs/documentation/modules/auxiliary/scanner/rsync/modules_list.md
T

119 lines
3.6 KiB
Markdown
Raw Normal View History

A few aux module docs
2018-07-12 17:50:47 -04:00
## Description
An rsync module is essentially a directory share. These modules can optionally be protected by a password. This module connects to and
negotiates with an rsync server, lists the available modules and, optionally, determines if the module requires a password to access.
## Vulnerable Application
### Configuring rsync on Kali Linux:
Rsync is installed by default on Kali, however we need to configure some modules for the scanner to find. Step three will
create the secrets files which we'll use to test the authentication mechanism. Much of this is based on the guide from
[atlantic.net](https://www.atlantic.net/cloud-hosting/how-to-setup-rsync-daemon-linux-server/).
1. ```mkdir /home/public_rsync2; mkdir /home/public_rsync3; mkdir /home/public_rsync```
2. Create the configuration file:
```
echo -n "[read only files]
path = /home/public_rsync
comment = Files are read only
read only = true
timeout = 300
[writable]
path = /home/public_rsync2
comment = Files can be written to
read only = false
timeout = 300
[authenticated]
path = /home/public_rsync3
comment = Files require authentication
read only = true
timeout = 300
auth users = rsync1,rsync2
secrets file = /etc/rsyncd.secrets
" > /etc/rsyncd.conf
```
3. ```echo -n "rsync1:9$AZv2%5D29S740k
rsync2:Xyb#vbfUQR0og0$6
rsync3:VU&A1We5DEa8M6^8" > /etc/rsyncd.secrets```
4. ```chmod 600 /etc/rsyncd.secrets```
5. ```rsync --daemon```
## Verification Steps
1. Do: `use auxiliary/scanner/rsync/modules_list`
2. Do: `set rhosts [ips]`
3. Do: `run`
## Options
**TEST_AUTHENTICATION**
Connect to each share and test if authentication is required.
**VERBOSE**
When set to `false`, each module will be listed. When set to `true` each module will be listed, then a summary
table will also be printed including if authentication is required, and any module comments. `false` is the default value.
## Scenarios
### rsyncd on Kali (using above config)
With verbose set to `false`:
```
msf5 > use auxiliary/scanner/rsync/modules_list
msf5 auxiliary(scanner/rsync/modules_list) > set rhosts 10.168.202.216
rhosts => 10.168.202.216
msf5 auxiliary(scanner/rsync/modules_list) > run
[+] 10.168.202.216:873 - 3 rsync modules found: read only files, writable, authenticated
```
With verbose set to `true`:
```
msf5 > use auxiliary/scanner/rsync/modules_list
msf5 auxiliary(scanner/rsync/modules_list) > set rhosts 10.168.202.216
rhosts => 10.168.202.216
msf5 auxiliary(scanner/rsync/modules_list) > set verbose true
verbose => true
msf5 auxiliary(scanner/rsync/modules_list) > run
[+] 10.168.202.216:873 - 3 rsync modules found: read only files, writable, authenticated
rsync modules for 10.168.202.216:873
=======================================
Name Comment Authentication
---- ------- --------------
authenticated Files require authentication required
read only files Files are read only not required
writable Files can be written to not required
```
## Confirming
### [nmap](https://nmap.org/nsedoc/scripts/rsync-list-modules.html)
```
# nmap -p 873 -sV -script=rsync-list-modules 10.168.202.216
Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-12 16:32 EDT
Nmap scan report for 10.168.202.216
Host is up (0.000045s latency).
PORT STATE SERVICE VERSION
873/tcp open rsync (protocol version 31)
| rsync-list-modules:
| read only files Files are read only
| writable Files can be written to
|_ authenticated Files require authentication
```
Reference in New Issue Copy Permalink