Protected File Transfers

encrypting the data or files before a transfer is often necessary to prevent the data from being read if intercepted in transit.
Data leakage during a penetration test could have severe consequences for the penetration tester, their company, and the client.

Prefer transfers over HTTPS, SFTP, SSH (SCP)

File Encryption on Windows:

https://www.powershellgallery.com/packages/DRTools/4.0.2.3/Content/Functions%5CInvoke-AESEncryption.ps1
Import-Module .\Invoke-AESEncryption.ps1
Invoke-AESEncryption -Mode Encrypt -Key "p4ssw0rd" -Path .\scan-results.txt
- Will save a new <filename>.aes file

File Encryption on Linux:

Encrypt a file - openssl enc -aes256 -iter 100000 -pbkdf2 -in /etc/passwd -out passwd.enc - Enter a strong password when prompted so that it wont be brute forced Decrypt a file - openssl enc -d -aes256 -iter 100000 -pbkdf2 -in passwd.enc -out passwd

Catching files over HTTP/S

We know python3 uploadserver

Nginx - Enabling PUT

Create a dir to handle uploaded files
- sudo mkdir -p /var/www/uploads/SecretUploadDirectory
Change the owner to www-data
- sudo chown -R www-data:www-data /var/www/uploads/SecretUploadDirectory

Create the nginx configuration file /etc/nginx/sites-available/upload.conf

server {
listen 9001;

location /SecretUploadDirectory/ {
    root    /var/www/uploads;
    dav_methods PUT;
    }
}

Symlink our site ot the sites-enabled Directory
- sudo ln -s /etc/nginx/sites-available/upload.conf /etc/nginx/sites-enabled/
Start nginx server
- sudo systemctl restart nginx.service
Verify errors:
- tail -2 /var/log/nginx/error.log
- ss -lnpt | grep 80
- ps -ef | grep 2811
Remove the default port 80 config
- sudo rm /etc/nginx/sites-enabled/default
Test upload using cURL and PUT
- curl -T /etc/passwd http://localhost:9001/SecretUploadDirectory/users.txt
Check the output:
- sudo tail -1 /var/www/uploads/SecretUploadDirectory/users.txt

Make sure that directory listing is disabled Apache allows this but Nginx doesnt