16 Systems - Exfiltrate Files With DNS
jeudi 29 août 2013 à 12:21 CAFAI, le 29/08/2013 à 12:21
You have a normal user account on a host that is on a heavily firewalled network. Traffic on this network is only allowed to pass to a few sites on a white list. There is an IPS, a network firewall and a few other network security devices inline that block packets. However, the DNS server on the network allows you to make queries for any domain name. Because of this, you can exfiltrate files with normal DNS queries. This write-up shows how to do that. It also includes basic/working source code.
(Permalink)
You have a normal user account on a host that is on a heavily firewalled network. Traffic on this network is only allowed to pass to a few sites on a white list. There is an IPS, a network firewall and a few other network security devices inline that block packets. However, the DNS server on the network allows you to make queries for any domain name. Because of this, you can exfiltrate files with normal DNS queries. This write-up shows how to do that. It also includes basic/working source code.
(Permalink)