Synced - Linux
- justinblawitz
- Oct 7, 2025
Ping the target, then scan it with nmap: sudo nmap -p- --min-rate=1000 -sV {target Ip}
After running nmap, we find port 873/tcp open, running rsync. rsync is used for file transfer; it mainly transfers only the specific changes to a file, called deltas, instead of the entire file, which takes much longer, as with ftp. It’s also a great tool for creating and maintaining backups and keeping remote machines in sync with each other.
The normal syntax used by rsync is rsync [OPTION] … [USER@]HOST::SRC [DEST], where SRC is the file or directory to copy from, DEST is the file or directory to copy to, OPTION is any of the options/modifiers available to rsync, and USER is for when we want to access the machine in an authenticated way. In this example we don’t have any credentials for USER, so we’ll leave it blank.
First, we’ll use rsync --list-only {target Ip}::, where --list-only lists all of the available directories. After running the command, we find a directory called “public” with the description “Anonymous Share”. Shared directories like this are usually just called shares.
The next command we’ll use is rsync --list-only {target Ip}::public, which will list the files inside the public share. This reveals the flag.txt file.
We’ll then use rsync {target Ip}::public/flag.txt flag.txt to copy/sync the file to our local machine as flag.txt. Finally, we can use cat flag.txt to read the file and capture the flag.
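Seen from the server side, the steps above work because the "public" module in rsyncd.conf has no auth users set and is left listable. The script below is an added example, not part of the original walkthrough: it audits an rsyncd.conf and reports which modules are reachable without credentials. The function names audit_rsyncd and write_sample_conf, the sample config and its paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag rsync daemon modules that allow anonymous access.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample config, not taken from the target
[public]
    comment = Anonymous Share
    path = /srv/rsync/public
[backups]
    path = /srv/rsync/backups
    auth users = backup
    secrets file = /etc/rsyncd.secrets
    list = no
EOF
}

# Prints one line per module: NAME  auth|ANONYMOUS  listed|hidden  read-only|writable
audit_rsyncd() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() {
        if (mod == "") return
        a = (auth != "") ? "auth" : "ANONYMOUS"            # no "auth users" = no password
        l = (list ~ /^(no|false|0)$/) ? "hidden" : "listed" # rsyncd default: list = yes
        w = (ro ~ /^(no|false|0)$/) ? "writable" : "read-only" # default: read only = yes
        print mod, a, l, w
    }
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    /^[ \t]*\[.*\]/ {                           # start of a [module] section
        report()
        mod = $0; sub(/^[ \t]*\[/, "", mod); sub(/\].*$/, "", mod)
        auth = g_auth; list = g_list; ro = g_ro # inherit values from the global section
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = trim(substr($0, eq + 1))
        if (key == "auth users") { if (mod == "") g_auth = val; else auth = val }
        if (key == "list") { if (mod == "") g_list = tolower(val); else list = tolower(val) }
        if (key == "read only") { if (mod == "") g_ro = tolower(val); else ro = tolower(val) }
    }
    END { report() }
    ' "$1"
}

conf=$(mktemp); write_sample_conf "$conf"; audit_rsyncd "$conf"; rm -f "$conf"
```

Any module reported as ANONYMOUS and listed is exposed in the same way as the share in this walkthrough; setting auth users with a secrets file, and list = no where discovery is not needed, closes it.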