Data exfiltration is a common post-exploitation technique, and DNS is one of the protocols most commonly allowed through firewalls. We take the opportunity to build a unique protocol for transferring files across the network.
Existing tools have some limitations, and as NG firewalls are getting a bit "smarter", we have been obliged to explore new combinations of tactics to bypass them, using the good old-fashioned "HIPS" (Hidden In Plain Sight) tricks to push files out.
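A defender-side illustration, added here and not part of dfex or its author's code: data hidden in ordinary-looking names may not stand out query by query, so this example flags a client by how many unique subdomains and how many bytes it sends under one parent zone. The thresholds, the two-label parent-zone rule and the sample log are assumptions; dfex's actual wire format is not described on this page.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def parent_domain(qname, labels=2):
    """Naive parent zone: the last `labels` labels (assumption; a real
    deployment would consult a public-suffix list)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def flag_dns_exfil(records, min_unique=20, min_bytes=400):
    """records: iterable of (client_ip, qname). Returns one finding per
    (client, parent zone) pair whose unique-subdomain count and carried
    byte volume both reach the (assumed) thresholds."""
    seen = defaultdict(set)
    for client, qname in records:
        zone = parent_domain(qname)
        sub = qname.rstrip(".").lower()[: -len(zone)].rstrip(".")
        if sub:  # skip queries for the bare zone itself
            seen[(client, zone)].add(sub)
    findings = []
    for (client, zone), subs in seen.items():
        payload = sum(len(s.replace(".", "")) for s in subs)
        if len(subs) >= min_unique and payload >= min_bytes:
            findings.append({
                "client": client, "zone": zone, "unique": len(subs),
                "bytes": payload,  # entropy is context only, not a trigger
                "entropy": round(sum(map(shannon_entropy, subs)) / len(subs), 2),
            })
    return sorted(findings, key=lambda f: -f["bytes"])

def constructed_sample():
    """Constructed log: one client sending many unique names, plus
    ordinary repeated lookups from another client."""
    noisy = [("10.0.0.5", hashlib.sha256(str(i).encode()).hexdigest()[:32]
              + ".cdn.example.net") for i in range(30)]
    normal = [("10.0.0.7", h) for h in
              ("www.example.com", "mail.example.com", "api.example.org")] * 10
    return noisy + normal
```

Feed it resolver or passive-DNS logs over a fixed time window and tune the thresholds against a baseline of known-good zones before alerting on the output.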
Client installation:

```
apt-get install -y virtualenv python3 python3-pip git
git clone https://github.com/secdev/scapy
cd scapy
sudo python setup.py install && cd .. && sudo rm -rf scapy
virtualenv -p python3 dfex-client
cd dfex-client
source ./bin/activate
git clone https://github.com/ekiojp/dfex
cd dfex
pip3 install -r requirements_client.txt
```
Server installation:

```
apt-get install -y virtualenv python3 python3-pip git
git clone https://github.com/secdev/scapy
cd scapy
sudo python setup.py install && cd .. && sudo rm -rf scapy
virtualenv -p python3 dfex-server
cd dfex-server
source ./bin/activate
git clone https://github.com/ekiojp/dfex
cd dfex
pip3 install -r requirements_server.txt
```
BSides Tokyo (Oct 2019)
HITB GSEC (Aug 2019)
- DDFEX - Distributed DNS File Exfiltration
- Make the code nicer
The tool is provided for educational, research or testing purposes.
Using this tool against network/systems without prior permission is illegal.
The author is not liable for any damages from misuse of this tool, techniques or code.
Emilio / @ekio_jp
Please see LICENSE.