GitHub - ettic-team/dnsbin: The request.bin of DNS request
2019-08-17 19:41:49 Author: github.com(查看原文) 阅读量:239 收藏

The request.bin of DNS request

DNSBin is a simple tool to test data exfiltration through DNS and help test vulnerability like RCE or XXE when the environment has significant constraint. The project is in two parts, the first one is the web server and it's component. It offers a basic web UI, for most cases you won't need more than this. The client part offers a python script which allows data to be transfered in both direction through DNS using the web service.

Demo

http://dnsbin.zhack.ca/

Setup and installation

DNS

The current DNS setup that I have for the demo server is the following one. Do note that I did this with trial and error, so the setup may be overcomplicated or may have issues. If you are more knowledgeable feel free to open an issue.

  • Add a "A" record for the domain "dns1.zhack.ca" that points to "192.99.55.194".
  • Add a "A" record for the domain "ns1.zhack.ca" that points to "192.99.55.194".
  • Add a "NS" record for the domain "d.zhack.ca" with the value "dns1.zhack.ca".
  • Add a "NS" record for the domain "d.zhack.ca" with the value "ns1.zhack.ca".

Web Hosting

It's highly recommended to start the DNS receiver and WebSocket endpoint with the Node.JS module "forever".

forever start index.js

For the frontend, the file "index.html" can be hosted on the webserver of your choice. Make sure that the WebSocket URL points to your server.

Client

The client script requires "dnspython" to be installed on both end. Whether you are sending or receiving data, you must first start the script on the machine that's outside of the restricted zone. The script will provide you with a unique token that you must pass when running the script on the machine that's inside of the restricted zone.

Example sending data

Outside machine

echo test12345 | python main.py -f- -d out -t-

Inside machine

python main.py -f- -d in -t TOKEN_THE_FIRST_COMMAND_GAVE_YOU

Example receiving data

Outside machine

python main.py -f- -d in -t-

Inside machine

echo test12345 | python main.py -f- -d out -t TOKEN_THE_FIRST_COMMAND_GAVE_YOU


文章来源: https://github.com/ettic-team/dnsbin
如有侵权请联系:admin#unsafe.sh