> For the complete documentation index, see [llms.txt](https://capcap-1.gitbook.io/capcap/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://capcap-1.gitbook.io/capcap/readme/ctf-modules/information-gathering/service-enumeration/linux-remote-management-protocols/rsync-873.md).

# Rsync (873)

Use this page to enumerate Rsync shares and identify exposed data quickly.

### Rsync

Rsync is a highly flexible network utility optimized to mirror, copy, and synchronize files locally or across remote endpoints using TCP port `873`.

### The delta-transfer core

* **Mechanism** — Rsync limits network resource strain via its native delta-transfer algorithm.
* **Operation** — instead of copying whole files, it scans modification timelines and size variations to isolate and transfer only the explicit byte differences between the source and target.

### Security exposures

#### Anonymous data looting

If an administrator exposes a directory share publicly without setting up access controls or password parameters, any external asset can list and download the target backup repository.

### Footprinting and share enumeration playbook

#### Step 1: Detect service version

```bash
sudo nmap -sV -p 873 <TARGET_IP>
```

#### Step 2: Query for available directory share contexts

```bash
nc -nv <TARGET_IP> 873
# Once connected, type the following command directly into the socket:
#list
```

#### Step 3: Enumerate shared directory file inventories

```bash
# Review files inside an identified target share (for example, 'dev')
rsync -av --list-only rsync://<TARGET_IP>/dev
```

#### Step 4: Mirror and exfiltrate the data

```bash
# Bulk download everything inside the exposed target share locally
rsync -av rsync://<TARGET_IP>/dev ./local_loot_folder/

# If Rsync routes via an alternative, non-standard SSH port setup:
rsync -av -e "ssh -p <PORT>" rsync://<TARGET_IP>/share_name ./local_folder/
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://capcap-1.gitbook.io/capcap/readme/ctf-modules/information-gathering/service-enumeration/linux-remote-management-protocols/rsync-873.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
