Catching Files over HTTP/S (Nginx)

Create a Directory to Handle Uploaded Files

sudo mkdir -p /var/www/uploads/SecretUploadDirectory

Change the Owner to www-data

sudo chown -R www-data:www-data /var/www/uploads/SecretUploadDirectory

Create Nginx Configuration File

Create the Nginx configuration file by creating the file /etc/nginx/sites-available/upload.conf with the contents:

Catching Files over HTTP/S

server {
    listen 9001;
    
    location /SecretUploadDirectory/ {
        root    /var/www/uploads;
        dav_methods PUT;
    }
}

Symlink our Site to the sites-enabled Directory

sudo ln -s /etc/nginx/sites-available/upload.conf /etc/nginx/sites-enabled/

Start Nginx

sudo systemctl restart nginx.service

Errors

If we get any error messages, check /var/log/nginx/error.log

tail -2 /var/log/nginx/error.log
ss -lnpt | grep <port>
ps -ef | grep <PID>

Remove NginxDefault Configuration

sudo rm /etc/nginx/sites-enabled/default

Upload File Using cURL

curl -T /etc/passwd http://localhost:9001/SecretUploadDirectory/users.txt

Once we have this working, a good test is to ensure the directory listing is not enabled by navigating to http://localhost/SecretUploadDirectory

PreviousProtected Files TransferNextLiving Off The Land

Last updated