## https://sploitus.com/exploit?id=1982C445-A0DC-5AFB-83E3-957529DA1061
# SFTP POC
This repo now includes a complete local SFTP proof of concept:
- `sftp-server-go/` โ Go SFTP server
- `scripts/poc-upload.sh` โ OpenSSH client smoke test
- `java-sftp-client-sample/` โ Java client sample wired for the same local server
## Quick start
### 1. Create local POC assets
```bash
./scripts/setup-poc.sh
```
This creates:
- `poc/client/alice_ed25519` + `.pub`
- `poc/client/alice_rsa` + `.pub`
- `poc/client/known_hosts`
- `poc/server/data/alice/`
- `java-sftp-client-sample/.env.poc.ed25519`
- `java-sftp-client-sample/.env.poc.rsa`
- `java-sftp-client-sample/.env.poc` (defaults to ed25519)
### 2. Start the SFTP server
```bash
./scripts/run-server.sh
```
Server listens on `127.0.0.1:2222`.
### 3. Trust the server host key
In another terminal, once the server is running:
```bash
./scripts/refresh-known-hosts.sh
```
### 4. Run the client POC
#### Option A: OpenSSH client smoke test
```bash
./scripts/poc-upload.sh # ed25519
./scripts/poc-upload.sh rsa # RSA
```
This uploads `poc/client/sample-upload.txt` to the server and lists the remote directory.
#### Option B: Java client sample
```bash
./scripts/run-java-client.sh # ed25519
./scripts/run-java-client.sh rsa # RSA
```
This loads the matching Java env file and runs the Spring Boot sample.
> `run-java-client.sh` requires `mvn` on your PATH.
## POC layout
- `poc/server/config.yaml` โ server config used by the scripts
- `poc/server/data/` โ server host key and uploaded files
- `poc/client/` โ client private keys, public keys, known_hosts, sample upload file
- `java-sftp-client-sample/.env.poc*` โ Java sample envs wired to the local POC