Share
## https://sploitus.com/exploit?id=1982C445-A0DC-5AFB-83E3-957529DA1061
# SFTP POC

This repo now includes a complete local SFTP proof of concept:

- `sftp-server-go/` โ€” Go SFTP server
- `scripts/poc-upload.sh` โ€” OpenSSH client smoke test
- `java-sftp-client-sample/` โ€” Java client sample wired for the same local server

## Quick start

### 1. Create local POC assets

```bash
./scripts/setup-poc.sh
```

This creates:

- `poc/client/alice_ed25519` + `.pub`
- `poc/client/alice_rsa` + `.pub`
- `poc/client/known_hosts`
- `poc/server/data/alice/`
- `java-sftp-client-sample/.env.poc.ed25519`
- `java-sftp-client-sample/.env.poc.rsa`
- `java-sftp-client-sample/.env.poc` (defaults to ed25519)

### 2. Start the SFTP server

```bash
./scripts/run-server.sh
```

Server listens on `127.0.0.1:2222`.

### 3. Trust the server host key

In another terminal, once the server is running:

```bash
./scripts/refresh-known-hosts.sh
```

### 4. Run the client POC

#### Option A: OpenSSH client smoke test

```bash
./scripts/poc-upload.sh        # ed25519
./scripts/poc-upload.sh rsa    # RSA
```

This uploads `poc/client/sample-upload.txt` to the server and lists the remote directory.

#### Option B: Java client sample

```bash
./scripts/run-java-client.sh        # ed25519
./scripts/run-java-client.sh rsa    # RSA
```

This loads the matching Java env file and runs the Spring Boot sample.

> `run-java-client.sh` requires `mvn` on your PATH.

## POC layout

- `poc/server/config.yaml` โ€” server config used by the scripts
- `poc/server/data/` โ€” server host key and uploaded files
- `poc/client/` โ€” client private keys, public keys, known_hosts, sample upload file
- `java-sftp-client-sample/.env.poc*` โ€” Java sample envs wired to the local POC