> For the complete documentation index, see [llms.txt](https://dmcxblue.gitbook.io/red-team-notes-2-0/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-infrastructure/delivery/pwndrop.md).

# PwnDrop

I wanted to demonstrate this amazing tool for setting up delivery payloads with a spoofing method that can allow more legitimate-looking links for Payload deliveries as the Tool description implies it's a self-deployable file hosting service for sending out red teaming payloads or securely sharing private files over HTTP and WebDav.

Now I won’t write the setup here since it's well written and demonstrated on the Github page already.

Here is a sample of the tool functioning, will create a simple payload with msfvenom

![](/files/AEq9vhYSJSenKCMVr5Kz)

Now run the tool and the tool on its first execution will create a .ini file with the configurations to access the pwndrops admin panel, where the files will be stored and the admin files data.

![](/files/ZCL6k3HZx1Fx0np4RMPS)

If anyone with incorrect information such as the wrong path they will be redirected to another page of choosing or simply a 404 error.

When uploading our payload we need 2 things the payload itself and a Facade file which we can use as a means of spoofing our original file when sending our link

![](/files/ojmLAZ5MUNqQ5OoX8QGe)

In that manner when the target receives the link it is a spoofed linked and will be redirected to the original file that would be our payload.

A small demonstration

![](/files/2UkGjAl7YDmSMcz6uEZQ)
