Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ekiojp/dfex

DNS File EXfiltration
https://github.com/ekiojp/dfex

dns exfiltration file post-exploitation

Last synced: 3 months ago
JSON representation

DNS File EXfiltration

Host: GitHub
URL: https://github.com/ekiojp/dfex
Owner: ekiojp
License: mit
Created: 2019-08-23T01:45:32.000Z (about 5 years ago)
Default Branch: master
Last Pushed: 2024-04-12T21:49:14.000Z (7 months ago)
Last Synced: 2024-06-06T23:40:54.447Z (5 months ago)
Topics: dns, exfiltration, file, post-exploitation
Language: Python
Size: 11.7 KB
Stars: 45
Watchers: 2
Forks: 4
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - ekiojp/dfex - DNS File EXfiltration (Python)

README

![logo](https://dfex.dob.jp/img/intro-bg.jpg)

## DNS File EXfiltration

Data exfiltration is a common technique used for post-exploitation, DNS is one of the most common protocols through firewalls.
We take the opportunity to build a unique protocol for transferring files across the network.

Existing tools have some limitations and NG Firewalls are getting a bit "smarter", we have been obliged to explore new combinations of tactics to bypass these.
Using the good old fashion "HIPS" (Hidden In Plain Sigh) tricks to push files out

----

## Installation

### Client
```
apt-get install -y virtualenv python3 python3-pip git
git clone https://github.com/secdev/scapy
cd scapy
sudo python setup.py install && cd .. && sudo rm -rf scapy
```

```
virtualenv -p python3 dfex-client
cd dfex-client
source ./bin/activate
```

```
git clone https://github.com/ekiojp/dfex
cd dfex
pip3 -r requirements_client.txt install
```

### Server
```
apt-get install -y virtualenv python3 python3-pip git
git clone https://github.com/secdev/scapy
cd scapy
sudo python setup.py install && cd .. && sudo rm -rf scapy
```

```
virtualenv -p python3 dfex-server
cd dfex-server
source ./bin/activate
```

```
git clone https://github.com/ekiojp/dfex
cd dfex
pip3 -r requirements_server.txt install
```

----

## Usage

[Client](https://github.com/ekiojp/dfex/wiki/DFEX-Client)

[Server](https://github.com/ekiojp/dfex/wiki/DFEX-Server)

----

# Presentations

### Video
[HITB GSEC (Aug 2019)](https://youtu.be/tm2dyKGVNko?t=7493)
### Slides
[BSides Tokyo (Oct 2019)](https://speakerdeck.com/ekio_jp/dfex-dns-file-exfiltration-bsides-tokyo)

[HITB GSEC (Aug 2019)](https://speakerdeck.com/ekio_jp/dfex-dns-file-exfiltration) or
[HITB GSEC (Aug 2019)](https://gsec.hitb.org/materials/sg2019/D2%20COMMSEC%20-%20DFEX%20%e2%80%93%20DNS%20File%20EXfiltration%20-%20Emilio%20Couto.pdf)

----

# ToDo

- [ ] DDFEX - Distributed DNS File Exfiltration
- [ ] Make the code nicer

----

# Disclaimer

The tool is provided for educational, research or testing purposes.

Using this tool against network/systems without prior permission is illegal.

The author is not liable for any damages from misuse of this tool, techniques or code.

----

# Author

Emilio / [@ekio_jp](https://twitter.com/ekio_jp)

----

# Licence

Please see [LICENSE](https://github.com/ekiojp/dfex/blob/master/LICENSE).