pwndrop : Self-Deployable File Hosting Service

pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV.

If you’ve ever needed to quickly set up an nginx/apache web server to host your files and you were never happy with the limitations of python -m SimpleHTTPServer, pwndrop is definitely for you!

With pwndrop you can:

  • Upload and immediately share multiple files using your own private VPS, using drag & drop.
  • Decide to make files available or unavailable for download with a single click.
  • Set up custom download URLs, for shared files, without playing with directory structure.
  • Set up facade files, which will be served instead of the original file whenever you feel like it.
  • Set up automatic redirects to spoof the file’s extension in a shared link.
  • Change MIME type of the served file to change browser’s behavior when a download link is clicked.
  • Serve files over HTTP, HTTPS and WebDAV.
  • Install and setup everything using a bash oneliner.
  • Set up pwndrop to work as a nameserver and respond with a valid DNS A record to any sub-domain you choose.
  • Protect your admin panel behind a custom secret URL path and log in securely with your own username and password.
  • Never worry about setting up HTTPS certificates as pwndrop does everything for you in the background (including auto-renewals).

Its main goal is to make file sharing as easy and intuitive as possible, while implementing extra features to aid in red team assessments.

Frontend of pwndrop is developed in pure Vue.js + Bootstrap with no npm or webpack dependencies. The backend serves REST API and manages a local database, powered by GO language.

Also Read – Privacy Badger : A Browser Extension Automatically Learns To Block Invisible Trackers

Write-up

If you want to learn how to use pwndrop or you want to learn what new features were implemented in recent releases, make sure to check out the posts on my blog:

https://breakdev.org/pwndrop

Video Guide

Prerequisites

If you don’t yet have the server to deploy to I highly recommend Digital Ocean. The cheapest $5/mo Debian 9 server with 25GB of storage space will work wonders for you. You can use my referral link to get an extra $100 to spend on your servers in 60 days for free.

Register a new domain and point its DNS A records to your VPS IP. You can also register a domain and point its ns1 and ns2 nameservers to pwndrop instance IP – it will automatically respond with valid DNS A replies.

  1. Registered domain name pointing to pwndrop instance IP as a DNS A records or as a nameserver.
  2. Server with at least 512 MB RAM.

If you want to set up pwndrop without a domain, check below how to set up a local instance, which will not auto-generate HTTPS certificates.

Installation

Make sure there aren’t any DNS or HTTP(S) servers running before you attempt to install pwndrop.

  • Oneliner

I do not recommend running oneliners, before downloading and checking the script code, but if you are really in a hurry, here it is:

curl https://raw.githubusercontent.com/kgretzky/pwndrop/master/install_linux.sh | sudo bash

This will download the latest amd64 release binary and fully install a daemon running in a background.

  • From Binary

First you need to download the release package you want from: https://github.com/kgretzky/pwndrop/releases

Then do the following (this performs same actions to the oneliner):

tar zxvf pwndrop-linux-amd64.tar.gz
./pwndrop stop
./pwndrop install
./pwndrop start
./pwndrop status

  • From Source Code

First of all, make sure you have installed GO with version at least 1.13: https://golang.org/doc/install

Then do the following:

git clone https://github.com/kgretzky/pwndrop
cd pwndrop
make
make install

Quickstart

Make sure the pwndrop is running.

  1. Open the secret URL to authorize your browser: https://yourdomain.com/pwndrop (this is a default value; make sure to use the secret path, you’ve pre-configured)
  2. Open the admin panel URL in your browser: https://yourdomain.com/ (since you’ve authorized your browser, you will now see an admin panel login page)
  3. Create your admin account or login.
  4. Click the configuration cog in top-left corner and make sure you change the secret path to something other than /pwndrop.

You’re good to go!

Running From CLI

You don’t have to install pwndrop as a daemon and you can run it straight from the console.

Daemon Management:
>>start : start the daemon
>>stop : stop the daemon
>>install : install the daemon using the available system manager (systemd, systemv and upstart supported)
>>remove : uninstall the daemon
>>status : check status of the installed daemon

Parameters:
>>config : specify a custom path to a config file (def. ‘pwndrop.ini’ in same directory as the executable)
>>debug : enable debug output
>>no-autocert : disable automatic TLS certificate retrieval from >>LetsEncrypt; useful when you want to connect over IP or/and in a local network
>>no-dns : do not run a DNS server on port 53 UDP; use this if you don’t want to use pwndrop as a nameserver
>>h : usage help

Configuration

On first launch, pwndrop, by default, will create a new configuration file pwndrop.ini in the same directory as an executable. You can later modify it or supply your own, for example to pre-configure pwndrop before the installation to automate the deployment of a tool even better.

Here is an example config file with all available config variables with commentary:

[pwndrop]
>>listen_ip = “190.33.86.22” # the external IP of your pwndrop instance (must be set if you want to use the nameserver feature)
>>http_port = 80 # listening port for HTTP and WebDAV
>>https_port = 443 # listening port for HTTPS
>>data_dir = “./data” # directory path where data storage will reside (relative paths are from executable directory path)
>>admin_dir = “./admin” # directory path where the admin panel files reside (relative paths are from executable directory path)

[setup] # optional: put in if you want to per-configure pwndrop (section will be deleted from the config file on first run)
>>username = “admin” # username of the admin account
>>password = “secretpassword” # password of the admin account
>>redirect_url = “https://www.somedomain.com” # URL to which visitors will be redirected to if they supply a path, which doesn’t point to any shared file (put blank if you want to return 404)
>>secret_path = “/pwndrop” # secret URL path, which upon visiting will allow your browser to access the login page of the admin panel (make sure to change the default value)

If you want to pre-configure your pwndrop instance before deployment using any of the installation scripts, put your configuration file at /usr/local/pwndrop/pwndrop.ini and it will be parsed the moment pwndrop daemon is first executed.

Credits: @jaredhaight

R K

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

2 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago