dfex: DNS File EXfiltration

DNS File EXfiltration

Data exfiltration is a common technique used for post-exploitation, DNS is one of the most common protocols through firewalls. We take the opportunity to build a unique protocol for transferring files across the network.

Existing tools have some limitations and NG Firewalls are getting a bit “smarter”, we have been obliged to explore new combinations of tactics to bypass these. Using the good old fashion “HIPS” (Hidden In Plain Sigh) tricks to push files out.

Installation

Client

apt-get install -y virtualenv python3 python3-pip git
git clone https://github.com/secdev/scapy
cd scapy
sudo python setup.py install && cd .. && sudo rm -rf scapy
virtualenv -p python3 dfex-client
cd dfex-client
source ./bin/activate
git clone https://github.com/ekiojp/dfex
cd dfex
pip3 -r requirements_client.txt install

Server

apt-get install -y virtualenv python3 python3-pip git
git clone https://github.com/secdev/scapy
cd scapy
sudo python setup.py install && cd .. && sudo rm -rf scapy
virtualenv -p python3 dfex-server
cd dfex-server
source ./bin/activate
git clone https://github.com/ekiojp/dfex
cd dfex
pip3 -r requirements_server.txt install

Usage

• Client
• Server

Copyright (c) 2019 Emilio

Source: https://github.com/ekiojp/