Hack the Box – Synced
# Information:
Platform Name: Hack the Box
Machine Challenge: Synced
Machine Status: Starting Point
Challenge Level: Very Easy
# Used Tools:
- Linux
- nmap
- rsync
- terminal
# Challenge Description:
This challenge has a list of questions that need to be answered in order to retrieve the flag. We will answer every question.
# Writeup:
Task 1:
“What is the default port for rsync?”
Answer: The default port for rsync is 873.
Task 2:
“How many TCP ports are open on the remote host?”
Answer: There is 1 open port.
To find this out, I performed an nmap scan, as you can see in image 1.
Task 3:
“What is the protocol version used by rsync on the remote machine?”
Answer: As you can see in image 1, the protocol version used by rsync is 31.
Task 4:
“What is the most common command name on Linux to interact with rsync?”
Answer: After doing a bit of research, I discovered that the command is rsync.
rsync stands for remote sync and it’s used to transfer and synchronize files between devices and remote Linux servers.
Task 5:
“What credentials do you have to pass to rsync in order to use anonymous authentication? anonymous:anonymous, anonymous, None, rsync:rsync”
Answer: After a quick search on Google, I saw that anonymous authentication doesn’t require credentials. So the answer is none.
Task 6:
“What is the option to only list shares and files on rsync? (No need to include the leading -- characters)”
Answer: The answer is list-only.
If you have rsync installed on your Linux machine, you can run the command:
rsync --help
This command displays the options that you can use with the rsync command. See some options in image 2.
As you can see in image 2, the option that only lists files is:
--list-only
This option lists the files and does not copy them.
After knowing all this, I used the following command to list the files:
rsync --list-only <your_IP_here>::
You can see my output in image 3.
Note: In image 3, we use the “::” because we connect to an rsync daemon and not to a remote shell. You can see this using the command rsync --help.
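An rsync daemon module accepts anonymous connections like the one above whenever its section in rsyncd.conf sets no `auth users`, and it shows up in the `::` listing unless `list = no` is set. The following is an added example, not part of the original writeup: a shell function that reads an rsyncd.conf on stdin and reports every module reachable without credentials. The sample configuration is constructed; the `backups` and `staff` modules, the user name and all paths are made up for illustration.

```shell
# Added example: report rsyncd.conf modules that accept anonymous connections.
# Usage: audit_rsyncd_conf < /etc/rsyncd.conf
audit_rsyncd_conf() {
    awk '
    function report() {
        if (mod != "" && auth == "")
            printf "%s: anonymous access (no auth users), %s\n", mod, (listed ? "listed" : "hidden from listing")
    }
    BEGIN { g_auth = ""; g_list = 1 }        # daemon defaults: no auth users, list = yes
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    /^[ \t]*\[/ {                            # [module] header starts a new section
        report()
        mod = $0
        sub(/^[ \t]*\[[ \t]*/, "", mod); sub(/[ \t]*\].*$/, "", mod)
        auth = g_auth; listed = g_list       # inherit values set in the global section
        next
    }
    {
        eq = index($0, "=")                  # only the first equals sign is significant
        if (eq == 0) next
        name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (name == "authusers") { if (mod == "") g_auth = val; else auth = val }
        if (name == "list") {
            b = (tolower(val) ~ /^(yes|true|1)$/)
            if (mod == "") g_list = b; else listed = b
        }
    }
    END { report() }
    '
}

# Constructed sample config (only the module name "public" comes from the writeup).
sample_rsyncd_conf() {
    cat <<'EOF'
[public]
    path = /srv/public
[backups]
    path = /srv/backups
    list = no
[staff]
    path = /srv/staff
    auth users = alice
    list = no
EOF
}

sample_rsyncd_conf | audit_rsyncd_conf
```

A module stops appearing in the report once it sets `auth users` (together with a `secrets file`); `list = no` alone only hides the module name and leaves the share readable without credentials.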
Submit flag:
After knowing this, I listed the contents that were inside “public” and my output was the following:
As you can see in image 4, our flag is inside public. So now we just need to download the flag. To do that, we use the following command:
rsync <your_IP_here>::public/flag.txt flag1.txt
This command copies the flag into our current directory as a new file named flag1.txt.
As you can see in image 5, we copied the contents of the file “flag.txt” to the file “flag1.txt”. To see if our copy was successful, we ran the command “ls” to list the contents of our current directory and, as you can see, our flag is there. Now we just need to read the file, and to do that we can use the command:
cat <name_of_your_file_here>
Here we have our flag!
The flag is:
Thank you very much for reading!
Cheers,
SoBatista