PwnDrop
I wanted to demonstrate this amazing tool for setting up delivery payloads with a spoofing method that can allow more legitimate-looking links for Payload deliveries as the Tool description implies it's a self-deployable file hosting service for sending out red teaming payloads or securely sharing private files over HTTP and WebDav.
Now I won’t write the setup here since it's well written and demonstrated on the Github page already.
Here is a sample of the tool functioning, will create a simple payload with msfvenom
Now run the tool and the tool on its first execution will create a .ini file with the configurations to access the pwndrops admin panel, where the files will be stored and the admin files data.
If anyone with incorrect information such as the wrong path they will be redirected to another page of choosing or simply a 404 error.
When uploading our payload we need 2 things the payload itself and a Facade file which we can use as a means of spoofing our original file when sending our link
In that manner when the target receives the link it is a spoofed linked and will be redirected to the original file that would be our payload.
A small demonstration
Copy link