Synced Write-up - Nikola's Digital Garden

#readwise # Synced Write-up ![rw-book-cover](https://readwise-assets.s3.amazonaws.com/media/reader/parsed_document_assets/292569068/ZKr6-HzEYwADaurNgvrTQQxUPz-snyWL5yQZr22kswk-cove_ZMub4q1.png) ## Metadata - Author: [[Hack The Box]] - Full Title: Synced Write-up ## Summary The File Transfer Protocol (FTP) is old and slow, making it less efficient for transferring files. Rsync is a faster tool that only sends changes, called deltas, which saves time and bandwidth. It is commonly used for backups and keeping files in sync between devices. This guide shows how to use rsync to access and retrieve a file from a remote machine. ## Highlights The main concern with FTP is that it is a very old and slow protocol. FTP is a protocol used for copying entire files over the network from a remote server. In many cases there is a need to transfer only some changes made to a few files and not to transfer every file every single time. For these scenarios, the rsync protocol is generally preferred. The changes that need to get transfered are called deltas. Using deltas to update files is an extremely efficient way to reduce the required bandwidth for the transfer as well as the required time for the transfer to complete. ([View Highlight](https://read.readwise.io/read/01jrmdzd7r8hxfmwtdtayrm4qq)) ^57f1u8 --- The official definition of rsync according to the Linux [manual](https://linux.die.net/man/1/rsync) page is: ^wxywhh > Rsync is a fast and extraordinarily versatile file copying tool. It can copy locally, to/from another host over any remote shell, or to/from a remote rsync daemon. It offers a large number of options that control every aspect of its behavior and permit very flexible specification of the set of files to be copied. It is famous for its delta- transfer algorithm, which reduces the amount of data sent over the network by sending only the differences between the source files and the existing files in the destination. Rsync is widely used for backups and mirroring and as an improved copy command for everyday use. ^9ev0gg ([View Highlight](https://read.readwise.io/read/01jrmdzfnpxk5k72panxk0yv5v)) --- It follows directly from the definition of rsync that it's a great tool for creating/maintaining backups and keeping remote machines in sync with each other. Both of these functionalities are commonly implemented in corporate environment. In these environments time is of of the most importance, so rsync is preferred due to the speedup it offers for these tasks. ([View Highlight](https://read.readwise.io/read/01jrme06peeh080baq3gmmtd25)) --- - The main stages of an rsync transfer are the following: ^8joa2e 1. rsync establishes a connection to the remote host and spawns another rsync receiver process. 2. The sender and receiver processes compare what files have changed. 3. What has changed gets updated on the remote host. ([View Highlight](https://read.readwise.io/read/01jrme08mkjqjzwe7b68fwxrpx)) --- It often happens that rsync is misconfigured to permit anonymous login, which can be exploited by an attacker to get access to sensitive information stored on the remote machine. ([View Highlight](https://read.readwise.io/read/01jrme0d41v2fjy72088qx8zka)) ^u8wyas --- The generic syntax used by rsync is the following: ```sh rsync [OPTION] … [USER@]HOST::SRC [DEST] ``` Where `SRC` is the file or directory (or a list of multiple files and directories) to copy from, `DEST` is the file or directory to copy to, and square brackets indicate optional parameters. ([View Highlight](https://read.readwise.io/read/01jrme0ktffrj6bnsmgws6jyxn)) - Note: The two colons (`::`) are there because we’re connecting to an Rsync daemon. ^b1shdj --- The `[USER@]` optional parameter is used when we want to access the the remote machine in an authenticated way. In this case, we don't have any valid credentials at our disposal so we will omit this portion and try an anonymous authentication. ([View Highlight](https://read.readwise.io/read/01jrme50njyjz33fdzg6f299yd)) --- As our first attempt we will try to simply list all the available directories to an anonymous user. Reading through the manual page we can spot the option `--list-only `, which according to the definition is used to "list the files instead of copying them". ([View Highlight](https://read.readwise.io/read/01jrme52tchqehf9ne45pv39jb)) --- ```sh rsync --list-only {target_IP}:: ``` ([View Highlight](https://read.readwise.io/read/01jrme556rz8z06781hz0nr507)) --- We notice a file called `flag.txt` inside the public share. Our last step is to copy/sync this file to our local machine. To do that, we simply follow the general syntax by specifying the `SRC` as `public/flag.txt` and the `DEST` as `flag.txt` to transfer the file to our local machine. ```sh rsync {target_IP}::public/flag.txt flag.txt ``` ([View Highlight](https://read.readwise.io/read/01jrme5ab6xhnmarftvfxbhvsr)) ---