ENCRYPTED FILE TRANSFER WITH SFTP (SSH/SECURE FILE TRANSPORT PROTOCOL)
- Layout for this exercise:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2L25xOF7Mfyd4ZYgFviGD4eP_1C2lP4qK-YezqHgdfOcI8s15RqwALHnnAUosoVOZxLEfVvwvxl_HEoWMyS4tZXkhuZD5zJeFE8I4Nbp4DHvMlvQ_5yo8mV_c1aeCcDylmeiJuKgbZtK8/s1600/screenshot.32.jpg)
1 - Introduction to SFTP
- SFTP (SSH or Secure File Transport Protocol) is a network protocol that provides encrypted file access, file transfer, and file management over any reliable data stream.
- SFTP was designed by the IETF (Internet Engineering Task Force) as a subsystem of SSH, sharing the same port 22 by default.
- SFTP assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.
https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol
- Linux manual for SFTP:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipMFwp9f3EIyhO6wzGdMgI5TbbmIpn9EFlbv_InTakzzz9pie7HrnxDtGgWUgY0tx-PWnrbwV3oedp0-mbomdP9YBY1YKsibvFLGXjDssPW7sNuQBU3fEdOgzy_pzSkkVYGBnT6Bol7hCE/s400/screenshot.34.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixZRv4VK3duN5FlMCLAB3GsTlxYDuzf6Eke8E_pQ0zdH9wii_C5Y5WzKo5TJbzysG6suxHsKP_vardzzErqO5Jpo2oz0MFDUnTDsdlfolNOJSDoEtxuE9FtIF267lMbbCikcCTS__LrJHQ/s1600/screenshot.35.jpg)
2 - Installing and starting SFTP
- Because SFTP depends on the very common SSH service, it is usually installed by default. However, in case it is not installed and running, follow the instructions below.
- Installing and starting the SSH service on Debian:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEge1hnwiXnhiWyN5el-TqIS7qtnZTsWkQzDqz5VFXq0mXWhNvElE7gyb0zKQ529UQKL_APe2nRHWUwRWD52z1lwdCBhpxB2v6K6_qyYV821wCPyPy_KHjCwmdvodzPx9D96eRV8Apm2DFO0/s1600/screenshot.10.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgh-AaLi08BRULlUt68hv0_18iqTaKg5YpryIqZ6gcusEdf2vKdSIP5AHbeFYEHlEZdUSjYVpSJ10s-sXe7m0RwDQD5flSuNWO8qazo3nqzRn-n8DdqnI9uU66yxr9PUuwaFdmtQkvjrjPr/s1600/screenshot.11.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrwbdzuDlQAiLbJTyr4sflOfKxhs3oCe6YeHpIKkZVoHXdLe5XfjEGbBEdvrJk_if_fPirMdcPUt4J8FuhGIWaL802kEYJiZf16-hQiIEAOknATzX-mMVx7piaefp2b-9w3vfACGk5Qf7h/s1600/screenshot.12.jpg)
- Installing and starting the SSH service on Kali:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEBAYVIBqOi-oAIgwTeZBg_p_OWSUdn8GkdTKQL9AzvI30Hd3fe7qN-b8ywe7BiX3lG43X6BknSOGjDYP4eewpKRJrXhfJ0NsffQNRFD7Wo59GOaOP7UV-58HjKAyHI9su4kkjNYQhVYwM/s1600/screenshot.4.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHFzqIaYmEldY0At8wDbGjmwEJqgKqEa7bnfD1mP4SfVDjaKlZZQ6_JSU0jfUoltr9IZvi72Kv2lfLCMNAtqjdBd9qNfsWxuwR1sqPOKN9zANzOwZyaRnAlDnXoq2pcJjtsZ7sTlnV_cd7/s1600/screenshot.5.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjm2hUUHRdSgO70vrIdXDkkaUM_Uaq9d5O2WPEEOEWpgSm7fRKMwk9yCTEOrVf45uOl_nCji7ZVYQqB9fAmAKL3Eg1HHrjMZDDpB8sQH5m05lIr1apxyv7l6CUy8SG-P7kg-aQOEDlexcGN/s1600/screenshot.9.jpg)
3 - Connecting with SFTP
- From Kali let's start an SFTP connection to Debian using user marie:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuW3oHmnKBHjCdCaDwVjUSp9O_A1RjRpH1Me_wlhtV1vlHwd3EmGPIQJBh0gzsgwGqU3F4KH1iFp8k5IXFQ7dKMF-Go2-H9CmDIVMkmnIpwd0JNMhhst9CFW_OL9AlrR6-Gr-fm8PSy3VM/s1600/screenshot.13.jpg)
- Determining the remote current directory with pwd:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_5t_DzqZ4-SQnebrFlrgpndjDfsZ_SIjUmKeyEajS5HsZ3Np1NXqwiIILpLBDcb3mI_03UY1wcW8YAxCRJy79o3XQz9_4baKHd_EP_oFRe49FcK4gkatWHvz8NJ_Srf1WrNgxqx9VzbPd/s1600/screenshot.14.jpg)
- To get help on SFTP commands, use the ? command:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNiD9mkhynucdj_NjwtTmN-SuTiGXWz91KyYGNdJEiaRbihsMV9gU-jg_D7LAhR5DwRC9mlC4BGQh5ggp3KjLJIVulE2eGBBtvgiCOcsGohy8uOC68zmUnL-DQ7QIuytxovq-zN3HfhAnp/s1600/screenshot.47.jpg)
4 - GET command to download files with SFTP
- Debian holds a local file that Kali wants to download:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhREf2O916f7GOjuDv06pxMbSRd_MEsFlfP9w2rrvPvx90eXjKa2Ca7VoH-KXPxqKJ3mafilbsIe1co58MaDgmRDG8UatzQnqpwtnmVcuUCoRixvlJWnA_aEZtbbQ1LS1Llbqicv9g1QgPj/s1600/screenshot.15.jpg)
- Searching for the file remotely from Kali:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFZZt6nht3qeT5MmMdKS_WS3Sp8LzK0lC4U44RvibDrf36krvqQ8L6hDn8nacRjcOBEV2xPJNID7wpt2uRZCeKfGaDIKW4gx1P-RvYkuL5Yeg4-f40VGXbPFYKh1ps8G4YLsqjqnR5wkU2/s1600/screenshot.17.jpg)
- Changing to the directory that holds the file:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLdP9NlHeawcMUIQz9FgLEIXZKUccUpHGkHwgRocFMoQsZcQUsdlTQuZ7W8J3RXNZ9JYPVQw1XviI3m96di-PmPWPg1ECXknPpx6wHcR0Fj-Rk0l4RYQ9yMVEvule4rF4pYX0NWmD_D1ft/s1600/screenshot.18.jpg)
- Listing the file:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAg3Brt_oB-15HegcIEgl3hfHHCV3VUizd_MOTdPZCR7IAtnNGCsF1xCu8iqWUXohEV1Lu76IKVouR5rF0dsQ9KiHOCBfhbx8rdmzmBrAdviVWTbUXGDDM-DZqJpbgMZPLSQz4s-TDr557/s1600/screenshot.19.jpg)
- The command get followed by the filename downloads it from Debian to Kali:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEA_HPgX_vc_xNh-hZ04fX_fQqf5GEm0iG8n8sUowdgV5cWGOyJFsi4-5FbF-hokyDMbJBf-WPnbysz9F_wgLrigKGv-w8HWaQbu_DIP3acxK4udE7TSFfj6fGz2OKFmvUSoN8sLhDKSxi/s1600/screenshot.23.jpg)
- Checking that the download was successful:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_Y7Nv-PbuXysts9X-M0ilCWgBTqy0EaamqKMa1lpB8pVDq0Cr4AP2rgN8XpWTIf4cNwRI4GCljxJ6fDazs311mQ8PvIj0Lkk5XTS1KxjLNj1h9NabmJZEV24BVqzEXdcElB53TBsQPtu_/s400/screenshot.30.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilCAW_a8SkY1c5bfQVgUkA7dIBLN0mx5Qa4KaIn8_uIdO5EEtjYExB07HtK7CqNFpGvkk0nwO6dnWle4HiwwhUWn2lEUIfueYB1Zx_iVwd3YyjM4xfavYUrW21ii1GlqNgXtvEQaqq9rQk/s1600/screenshot.31.jpg)
5 - PUT command to upload files with SFTP
- Creating a new directory remotely on Debian from Kali:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_MuCNIq9g3LlLWyuIaQyv34YL25_C3HlWxqL3f8pWnWHH5KQK3TtQ_1ww4x7yfBAq5X7ZxA7TlNKjP9mgQuaVbMcCG7eYFWfeHBS600-KsoH3812pHwbxmV1Cj-PQhhtS2aH47LViTpa2/s1600/screenshot.21.jpg)
- Changing to the new directory:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhb1AGlZtQMjNLVojiCKBv8BCPwh2LxmuoeKYDb-bskZg6cOdoMVfzseDay0ghEIzll8OOxbbSXzosENranUyI9F1Wj2Yov13l6i29ME1zRUFa08fUdvTxwmu2M-tNeDZzEmYjydEQpwRRG/s400/screenshot.22.jpg)
- Kali holds a local file that is going to be uploaded to Debian:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlucXFfEtYdimwa96zlkEbRQY0qjSA1wt90WXb2TLL47KwvoI0gojuhkTeEnnHvaZQYUoF4QiPEhZ8KX2FFGicEZWlrbZ1Z5xtDcKqvbE_Fh0oRE6hJjyNENS78ewnhqMPc8OeHFLkNRRA/s1600/screenshot.33.jpg)
- The command put followed by the path to the local file and its filename triggers the uploading process:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTCJe6keWaLBstBxemCG2MC37gc3c760_x6_suRG3KUpAKEQHRsDZHeP2iiRFlbsdi1k2GGCW1-DLDbdqL3b5t0cfuXj2H46z4Y3JsLbDkjxeg052M2-ScuGf66uj0PBEhPbeezscpy67U/s1600/screenshot.26.jpg)
- Checking that the upload was successful:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGcfrii4HHKyfcRszvCkzpcdzwwyYZv3As4-nq0roG8MQh6g4EyE6sejcvH44Vmi9j9o1Sf8-wlPMFT-AL_j7Vhpnj4ATzFa9dKrNyM2gwuoZJqXd5mnyZ0MQc0RczkUh-4atu8gP8uZog/s1600/screenshot.27.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxW5iA-CkA0nuyGNI-cUPz34VdFH2fpibj4nAekCHPWwnIxhoWo_AsN7Foe-tDIjlu2kXGtYzKK-e0qFAyhh0J7OFce68sl3zpey8KfrVD7icSHrphE2DPrKdRpH0hCQ6uloVO_7APil23/s1600/screenshot.28.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhk0pjw1Cs79wnkhrm9OSYqlLp8zQLhY1ZJHt1EguBV1OuzxWQCSE3IZsEJPRqe-VY79R9qyYylACSPyx26KS3gXU7graDe50sut0PwyCcUfVnR_QX1GjJ-94yDQ0C1NwFQ8jsAof5dPVjQ/s1600/screenshot.29.jpg)
6 - RM command to remove files remotely with SFTP
- Now, let's remove the uploaded file with the rm command:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfFSlWpRxLnsZwHM3BLSIfYCrONs93yLsX_tLSA3ah_RP2HLmlP5B41JpdBEFj42n_0etwyC2SL7juLmYppOnV7QZ12ithejo7A_OSzh7ZX1_Hqcoene1nibX8OD6K_JBR6nRbfMpDgeSE/s1600/screenshot.43.jpg)
- Checking that the removal has been successful:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjw-6PEe_VlXL-Ev9L4Q8DWH7DDSKgneQPlKt4kh7531m5qPZQBoXKzt7-VTXEM-J7FgvgEhHq632hm5b9DsK_keJPbwiBP_8tDy6A7fvBZ7DTa1tHohUvYUnbDh51_4-rlzV-kQhINIG88/s1600/screenshot.46.jpg)
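- The interactive session of sections 3 to 6 can also be replayed as one non-interactive job with sftp batch mode (-b). The script below is an added example, not taken from the screenshots above: the user and the Debian address come from this exercise, while the file and directory names are placeholders.

```sh
#!/bin/sh
# Added example: sections 3-6 replayed as a single sftp batch job.
# User and host come from the exercise; all file names are placeholders.
set -u

REMOTE_USER="marie"            # user from section 3
REMOTE_HOST="192.168.1.18"     # Debian address shown in section 7
REMOTE_FILE="docs/report.txt"  # placeholder: remote file to download
REMOTE_NEWDIR="upload_test"    # placeholder: directory created in section 5
LOCAL_FILE="notes.txt"         # placeholder: local file to upload

# Print the batch commands, one per line. In batch mode sftp aborts on the
# first failing command; a leading "-" lets that single command fail
# (here: mkdir when the directory already exists) without aborting.
build_batch() (
  remote_dir=$(dirname "$REMOTE_FILE")
  remote_name=$(basename "$REMOTE_FILE")
  local_name=$(basename "$LOCAL_FILE")
  cat <<EOF
pwd
cd "$remote_dir"
ls -l "$remote_name"
get "$remote_name"
-mkdir "$REMOTE_NEWDIR"
cd "$REMOTE_NEWDIR"
put "$LOCAL_FILE"
ls -l "$local_name"
rm "$local_name"
ls -l
EOF
)

# Batch mode cannot answer prompts: authentication must be non-interactive
# (for example a key) and the server host key must already be in known_hosts.
# StrictHostKeyChecking=yes makes an unknown or changed host key a hard error.
run_session() {
  build_batch | sftp -b - -o StrictHostKeyChecking=yes \
    "${REMOTE_USER}@${REMOTE_HOST}"
}

# Contact the server only when asked to: sh sftp_session.sh run
if [ "${1:-}" = "run" ]; then
  # After the batch finishes, confirm the downloaded file exists and is not empty.
  run_session && [ -s "$(basename "$REMOTE_FILE")" ] && echo "download verified"
fi
```

Running the script without arguments only defines the functions; calling build_batch prints the command list so it can be reviewed before anything is sent to the server.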
7 - Analyzing the encrypted SFTP connection with Wireshark
- Starting Wireshark on the Kali machine:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0DPT5UuzjdJCU7p13l_tk2_DnvQt4DaEnPM7YaP56P2C37eMRl4ZwN2fl0xq4QeZ0UNt-hLw5jfb8hJuy4qgzkPuPEqlUOovOvl3d-PJIkIQhumAJgcKUvaCL5bzoSiV35EEbgxSHtmDJ/s400/screenshot.36.jpg)
- Applying the filter ssh (because SFTP is a subsystem of SSH), the whole connection between Debian (192.168.1.18) and Kali (192.168.1.19) is displayed. Note that the destination port on Debian is port 22, as expected:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9neNS6v8iQg1ZJm6aZHEXuyK4a7JZgokuRWBOvaOzrD-SPi1kocWzJqj3S0r9ATEfJJaS-n0QZLqMRo5irOYkcMRDNkG-DBxvrPTxK68bmBUnjjZ-sbvxQZcXbuuI8d4esCTg8CnOdyLG/s1600/screenshot.37.jpg)
- It is interesting to check that the whole connection is encrypted, so a potential sniffer could not access the real contents of the transfer. For instance:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMhBrLf_LC1-_B7P6vH5mhMs5l7G1oXCba7-yKPzhGQy0ShogdSQeUMPZ9Yk4xgJh_Q1VJbeJaFSCsgSZV5nXQqt3nnPkl-AD_8rfTZLeERobjKPNd9asCEwKGRmY_SGCGexN8DztnKH03/s1600/screenshot.39.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfkniknVG0epKJZ2XVUbGpkSZMyBrHysYoWAD3rsGDMiVyho3Tg9yvchMXoH8j7MWzfPWdsMciJWeIyRg2Y1-ciMYkQtVAF7t1PeRY0KuwWDA6598ACiMHLQUEN_tcl0ttpLANlTK3Fjvu/s1600/screenshot.38.jpg)
- Also, applying the Follow TCP Stream option, the stream is displayed in encrypted form:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJDFpdqddIqdCWQgO4-FVhLhYOTEWFTE9HGkKMMQk_53nLhyphenhyphensHIB9eLKvAwSk6cYYbd_BdQ4RuhP7TADoam2Wqbk9gzYPMwUtspQPbAlDPc-0i3lq8arD8tYH5WjnzuJKnL1rjjn_29WZp/s1600/screenshot.40.jpg)