# PwnDrop

I wanted to demonstrate this amazing tool for setting up payload delivery with a spoofing method that allows more legitimate-looking links. As the tool's description says, it is a self-deployable file hosting service for sending out red teaming payloads or securely sharing private files over HTTP and WebDAV.

I won't cover the setup here, since it is already well written and demonstrated on the GitHub page.

Here is a sample of the tool in action. First, I will create a simple payload with msfvenom:

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MRh03Vwd4nuiUi3Oje7%2Fuploads%2FbOSvEwZmIhGfxidQA6lq%2Fimage.png?alt=media\&token=ca5668eb-1a6e-4ea4-a8ce-01a8f7b26674)

Now run the tool. On its first execution it creates a .ini file with the configuration for accessing the pwndrop admin panel, where the files will be stored, and the admin files data.

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MRh03Vwd4nuiUi3Oje7%2Fuploads%2FvfYr1gjrXhTPkKCgCcgU%2Fimage.png?alt=media\&token=39dff9f4-e8e9-4beb-9dd4-f38c51d2cc01)

Anyone who supplies incorrect information, such as the wrong path, will be redirected to another page of your choosing or simply shown a 404 error.

When uploading our payload we need two things: the payload itself and a facade file, which we use to spoof our original file when sending the link.

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MRh03Vwd4nuiUi3Oje7%2Fuploads%2FDHbEZVABKupgeLu0iX84%2Fimage.png?alt=media\&token=d053e285-7293-4f52-aaea-4dcd53737ad4)

That way, when the target receives the link, it is a spoofed link, and they will be redirected to the original file, which is our payload.

A small demonstration:

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MRh03Vwd4nuiUi3Oje7%2Fuploads%2FW1bYHd14exGA205oEg05%2FPWNDROP.gif?alt=media\&token=2d411dd9-8d43-4825-990c-cf9eb3fd2df1)
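On the defensive side, the facade approach described above leaves a measurable trace: the name or declared type of a download disagrees with its actual bytes. The following is an added example, not part of the original write-up or of pwndrop; it assumes a web proxy that logs the URL, the Content-Type and the first bytes of each response body, and that the facade and the payload can appear under the same link at different times. All names, hosts and records are constructed.

```python
import os
from urllib.parse import urlparse

# Leading magic bytes -> coarse body kind (small constructed subset).
MAGIC = [(b"MZ", "pe"), (b"\x7fELF", "elf"), (b"%PDF", "pdf"),
         (b"\x89PNG", "png"), (b"\xff\xd8\xff", "jpeg"), (b"PK\x03\x04", "zip")]
# Body kinds that a URL extension or a declared Content-Type may resolve to.
EXT_KINDS = {".pdf": {"pdf"}, ".png": {"png"}, ".jpg": {"jpeg"},
             ".docx": {"zip"}, ".zip": {"zip"}, ".exe": {"pe"}}
TYPE_KINDS = {"application/pdf": {"pdf"}, "image/png": {"png"},
              "image/jpeg": {"jpeg"}, "application/zip": {"zip"}}

def sniff(head):
    """Classify a response body by its leading bytes."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"

def check_download(url, content_type, head):
    """Findings for one download whose name or declared type disagrees with its body."""
    kind = sniff(head)
    ext = os.path.splitext(urlparse(url).path)[1].lower()
    ctype = content_type.split(";")[0].strip().lower()
    findings = []
    if ext in EXT_KINDS and kind not in EXT_KINDS[ext]:
        findings.append(f"extension {ext} but body is {kind}")
    if ctype in TYPE_KINDS and kind not in TYPE_KINDS[ctype]:
        findings.append(f"content-type {ctype} but body is {kind}")
    if kind in ("pe", "elf") and ext != ".exe":
        findings.append("executable body under a non-executable name")
    return findings

def changed_urls(records):
    """URLs whose sniffed body kind differs between fetches (assumed facade swap)."""
    seen = {}
    for url, _ctype, head in records:
        seen.setdefault(url, set()).add(sniff(head))
    return {url for url, kinds in seen.items() if len(kinds) > 1}

# Constructed sample proxy records: (url, Content-Type, first body bytes).
SAMPLE = [
    ("https://files.example.test/docs/report.pdf", "application/pdf", b"%PDF-1.7\n"),
    ("https://files.example.test/docs/report.pdf", "application/pdf", b"MZ\x90\x00\x03"),
    ("https://files.example.test/img/logo.png", "image/png", b"\x89PNG\r\n\x1a\n"),
]

if __name__ == "__main__":
    print([check_download(*r) for r in SAMPLE], changed_urls(SAMPLE))
```

The magic-byte and MIME tables are deliberately small; in practice they would be replaced by the file-type identification your proxy or sandbox already performs.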
