Learn how to use the dnsteal tool to exfiltrate data across a DNS service in this video.
- [Speaker] We can use the DNS steal tool…to demonstrate how DNS exfiltration works.…dnsteal is a DNS server which receives exfiltrated data.…I'll load this into my user share directory.…We can start dnsteal using its default settings.…And this will establish the DNS server…on our current system, which is using IP address…10 dot nought dot two dot 29.…
Okay, we've now got our DNS destination server set up…on 10 dot nought dot two dot 29 on port 53.…The minus z switch indicates the incoming DNS…will be compressed with zip.…We'll also a verbose on…to see the details of the traffic received.…I'm on my metasploitable target system…and I'll use DNS to exfiltrate some data…using the first script provided by dnsteal.…I have it in a file called sadness dot sh.…
The script's a bit complicated…but let's have a look at the basics of what it's doing.…It's using the variable c and s to split the data,…based on its settings for bites per subdomain,…and subdomains per request.…We can see here, we're using four subdomains…of up to 57 bites each.…
- How tunneling works
- Running a local SSH tunnel
- Dynamic SSH tunneling
- Pivoting with Armitage and Metaspoit
- Exfiltrating using DET and DNS
- Covert exfiltration with Cachetalk
- Using PyExfil to exfiltrate over HTTPS
Skill Level Advanced
Ethical Hacking: Penetration Testingwith Lisa Bock1h 29m Intermediate
Penetration Testing Essential Trainingwith Malcolm Shore2h 29m Intermediate
Penetration Testing: Advanced Kali Linuxwith Malcolm Shore2h 22m Intermediate
1. Preparing the Lab
Next steps1m 38s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.