Unbalanced writeup | HackTheBox | by Darkrider88
Enumeration: Nmap scan: There is an interesting port 873 running rsync. Rsync enumeration: Reference: https://book.hacktricks.xyz/pentesting/873-pentesting-rsync Rsync is a most commonly used command for copying and synchronizing files and directories remotely as well as locally in Linux/Unix systems. First I will try to list the files or folders inside it and dump all the files. rsync -av rsync://unbalanced.htb/conf_bakcups ./rsync There is an .encfs6.xml file in this folder which tells that encfs utility is used to encrypt all the files and folders. Let us decrypt all the files John: There is script in john to extract the hash from .encfs6.xml. Cracking the .encfs6.xml file $ locate ecnfs2john $ sudo /usr/share/john/encfs2john.py ./rsync/ > encfs_hash $ sudo john -wordlist=/usr/share/wordlists/rockyou.txt encfs_hash Decrypt the rsync files and copy to other folder: $ encfs ~/hackthebox/unbalanced/rsync/ ~/hackthebox/unbalanced/rsync_decrypted/ NOTE: rsync has encrypted file an