Posted on 28th November 2017 by Paul Ritchie
RDPUpload is a tool which implements an old technique for uploading files in python. There is nothing new in its concept but the implementation is. You can get it here:
If you have a need to upload a file to an RDP, VNC, or anything else where regular uploading fails, then you can try this.
It works by:
On the receiving end you will need to save the text into a file, and then Base64 decode the contents of the file. For example, on Windows Server 2003 and upward you can use the "certutil.exe" utility tool, as follows:
certutil -decode encoded.txt decoded.zip
Note: the decoded file is a zip archive. On Windows the default zip client can extract the original file.
On Linux, you can use the base64 command to achieve similar results:
base64 --decode encoded.txt > decoded.zip
To see an example usage there is a video too:
You may be asking why this exists when you can drag and drop files from services such as RDP.
It is not uncommon for penetration testers to be asked to do a great job under less than ideal circumstances. What seems like an easy or regular task can quickly get complicated once boots are on the ground.
That may mean being asked to assure the security of a Windows Server by conducting a Configuration review. No bother! We have tools that can help us gather data in a short enough time frame to leave it cost-effective.
Then on the day:
These are all actually excellent security measures and we are happy they are there. But it does make the idea of reviewing the Windows machine somewhat trickier as that means manually reviewing every policy.
This was the original use-case for implementing the technique again. However, since I made it and released it into the wild, I have found myself using it to smuggle data past proxies. There is also various other use cases such as sending files into restricted networks if you have got an RDP/VNC session.
Wherever you can type you can send a file.
 https://github.com/SecarmaLabs/rdpupload - Our tool for uploading files via key presses.
 https://technet.microsoft.com/en-us/library/cc770631(v=ws.11).aspx - Microsoft Technet article on disabling client to server RDP redirections.
 http://tritoneco.com/2013/10/04/disable-remote-desktop-copy-paste/ - Discussing how disabling copy/paste between RDP and host is a PCI requirement.
 https://linux.die.net/man/1/base64 - Linux Command for base64 decoding files.
 https://www.secarma.co.uk/services/security-assessment/configuration-review/ - Overview of Secarma's Configuration review service.
 https://cornerpirate.com/2017/11/14/uploading-files-to-rdp-when-that-is-restricted/ - My personal Blog where I initially released RDP Upload.
Share this post: