Shulou(Shulou.com)05/31 Report--

This article is to share with you about what pwndrop is. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Pwndrop

Pwndrop is a file hosting service that supports self-deployment. With the help of pwndrop, Red team researchers will be able to send, upload or share Payload and various confidential files through HTTP, HTTPS or WebDAV.

If you need to quickly set up a Nginx or Apache Web server to host your confidential files, and do not want to do complex environment building / configuration, then pwndrop can definitely meet your needs.

Pwndrop function

1. Use our own private VPS and drag and drop to upload or share multiple confidential files

2. You can simply set whether the target file can be downloaded.

3. Set a custom download URL for shared files without modifying / exposing the directory structure

4. Facade virtual files can be set without downloading the original files.

5. Set automatic redirection to hide file extensions in shared connections

6. Change the MIME type of the managed file to change the behavior of the browser when you click the download link

7. Hosting files through HTTP, HTTPS and WebDAV

8. Use Bash oneliner to install and set up everything

9. Set pwndrop as the domain name server to respond to valid DNS A records to any subdomain name.

10. Use a custom secret URL path to protect the background management system, and log in with a user name and password

11. Don't worry about the HTTPS certificate, because pwndrop will help us to complete all the configuration and renewal operations in the future.

The main function of this tool is to help us to share files in the simplest and most convenient way, and to provide additional auxiliary functions for red team security researchers.

The front end of pwndrop is based on pure Vue.js + Bootstrap development and does not require any npm or webpack dependencies. Pwndrop background provides REST API interface and integrates local database, which is driven by Go language program.

Tool dependence

Set up your own VPS server, register a new domain name, and point the DNS A record of the domain name to the IP address of your VPS server. Alternatively, you can register a domain name and have its ns1 and ns2 domain name servers point to the IP address of the pwndrop instance. The server requires at least the memory RAM of 512MB.

If you do not want to register a domain name, you can also set up a local instance, but at this time you will not be able to automatically generate HTTPS certificates.

Tool installation

First, make sure that no DNS or HTTP (S) server is running before attempting to install pwndrop.

Oneliner

Personally, I don't recommend using Oneliner, but if you must:

Curl https://raw.githubusercontent.com/kgretzky/pwndrop/master/install_linux.sh | sudo bash

The above command will download the latest version of the AMD64 release code and install a daemon running in the background.

Package installation

First, you need to download the latest version of the code package from the GitHub Release page of pwndrop, or use the following command to cologne the project source code locally:

Git clone https://github.com/kgretzky/pwndrop.git

Then run the following command:

Tar zxvf pwndrop-linux-amd64.tar.gz./pwndrop stop./pwndrop install./pwndrop start./pwndrop status source code installation

First, make sure that the Go v1.13 + environment is set up on your device, and then run the following command:

Quick use of git clone https://github.com/kgretzky/pwndropcd pwndropmakemake install

Make sure that pwndrop is already running.

1. Access the secret URL address and authorize the browser to access: https://yourdomain.com/pwndrop; (this is a default address, make sure to use the secret path later)

2. Access the URL path of the management backend in the browser: https://yourdomain.com/; (after authorizing the browser, you will be able to access the backend management login page)

3. Create an administrator account and log in

4. Click the configuration button in the upper left corner to modify the background path address.

Run from the command line

If you don't install pwndrop as a daemon, you can still use pwndrop from the command line.

Usage: pwndrop [start | stop | install | remove | status] [- config] [- debug] [- no-autocert] [- no-dns] [- h] daemon management:start: start the daemonstop: stop the daemoninstall: install the daemon using the available system manager (systemd, systemv and upstart supported) remove: uninstall the daemonstatus: check status of the installed daemonparameters:-config: specify a custom path to a config file (def. 'pwndrop.ini' in same directory as the executable)-debug: enable debug output-no-autocert: disable automatic TLS certificate retrieval from LetsEncrypt; useful when you want to connect over IP or/and in a local network-no-dns: do not run a DNS server on port 53 UDP; use this if you don't want to use pwndrop as a nameserver-h: usage help tool configuration

The first time you start, pwndrop will create a new configuration file called pwndrop.ini, which you can modify according to your needs. The following is a sample configuration file:

[pwndrop] listen_ip = "190.33.86.22" # the external IP of your pwndrop instance (must be set if you want to use the nameserver feature) http_port = 80 # listening port for HTTP and WebDAVhttps_port = 443 # listening port for HTTPSdata_dir = ". / data" # directory path where data storage will reside (relative paths are from executable directory path) admin_dir = ". / admin" # directory path where the admin panel files reside (relative paths are from executable directory path) [setup] # optional: Put in if you want to pre-configure pwndrop (section will be deleted from the config file on first run) username = "admin" # username of the admin accountpassword = "secretpassword" # password of the admin accountredirect_url = "https://www.somedomain.com" # URL to which visitors will be redirected to if they supply a path Which doesn't point to any shared file (put blank if you want to return 404) secret_path = "/ pwndrop" # secret URL path, which upon visiting will allow your browser to access the login page of the admin panel (make sure to change the default value) thanks for reading! This is the end of this article on "what is pwndrop?". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.