Wednesday, October 14, 2015

Upload files to BOX over FTPS

I wanted to upload some files from a linux machine to my BOX account. However I wanted to do this all via the command line. There are scenarios where all I have access to is the cli and I didn't want to transfer the files to another machine that had a web browser. Besides there are times when using the cli is more efficient.

First I tried ftp. So I found on the internets that BOX supports ftp.

However since I have an account with SSO I need to create an external password. You have to do this within the BOX portal of your account settings.


I recommend a randomly generated long password (> 12 Chars) for this and use a password manager to keep track of it. Don't use your SSO password. Don't be lazy! There are probably hackers out there who are already trying to bruteforce attack accounts using this attack vector. If they get this password, they get your SSO password.

You probably want to click the Log out of all Box applications using this account check box. This will prevent this external password from being used on other types of apps like mobile devices.

Side note: I like the fact that BOX keeps track of your login activity with the application you are trying to use, ie FTP server, Windows Chrome, etc and the geo location of the login.

user@ubuntu:~$ ftp ftp.box.com
Connected to ftp.box.com.
220 Service ready for new user.
Name (ftp.box.com:user): <username>
331 User name okay, need password for <username>
Password:
530 Box: Company.com does not allow regular FTP; use FTPS instead. (Both "explicit" and "implicit" FTPS are supported.)

Doh. Fail.

Duh! We need a secure connection.

Ok. I haven't used FTPS before. I've used SFTP, but not this other method.

FTPS uses SSL.

So after consulting with the internets I found I can use lftp.

user@ubuntu:~$ sudo apt-get install lftp
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  lftp

My second try:

user@ubuntu:~$ lftp -u user@company.com ftp.box.com
Password:
lftp user@company.com@ftp.box.com:~> ls
drwx------   1 owner group            0 Sep 24 17:41 PoCs
drwx------   1 owner group            0 Aug 27 10:18 Demos
drwx------   1 owner group            0 Aug 27 10:19 Docs

interesting to see the shell.

lftp user@company.com@ftp.box.com:/> cd PoCs
lftp user@company.com@ftp.box.com:/PoCs> put file.zip
47408 bytes transferred
lftp user@company.com@ftp.box.com:/PoCs> exit

Success!

I can see that lftp has a parameter for sending a command. Which means I can automate this process using a shell script.

lftp -e 'unix command' -u <username>,<password> ftp.box.com

user@company.com:~$ lftp -e 'ls; bye' -u user,password ftp.box.com
lftp user@company.com@ftp.box.com:~> ls
drwx------   1 owner group            0 Sep 24 17:41 PoCs
drwx------   1 owner group            0 Aug 27 10:18 Demos
drwx------   1 owner group            0 Aug 27 10:19 Docs
-rw-------   1 owner group    47408 Sep 27 10:39 file.zip
user@company.com:~$

No comments:

Post a Comment