2020-08-08

Bypassing internet connectivity and copy-paste restriction to Infiltrating malicious data

 

In this blog post will discuss about the infiltration of data to a machine which has following restrictions:

  1. Internet connectivity is not allowed.
  2. Copy-Paste operation is blocked.
  3. File uploading is restricted

Scenario:

We have a machine which is not connected to internet but hosted inside the corporate network. The machine is connected to a DNS server which can resolve the internet based domain DNS queries.

Here, to import the malicious binary file or code, we make DNS request to internal DNS server. Internal DNS server perform the query from internet and send back the output to user machine.

Host machine cant not reach internet based domain name.

But when user perform DNS query, it is getting routed therough one of internal DNS server and domain name is getting resolved.

Infiltrating the data from internet using DNS TXT record

DNS TXT record allow user to specify the text for the domain name. Definition provided by Wikipedia is:

"A TXT record (short for text record) is a type of resource record in the Domain name systemically (DNS) used to provide the ability to associate arbitrary text with a host or other name, such as human readable information about a server, network, data center, or other accounting information."

I added the TXT record for domain name "box.mannulinux.org"

NSLOOKUP command has facility to perform DNS TXT record query for a domain. To perform the TXT record query, use below mentioned command:


 
In my case it will be:

TXT record dont have restriction on type of text which can be specified by a user. User can specify the base64 encoded text or even binary:

Again perform the query and we will get the data:

Decoding the text using PowerShell

To get the actual data, we need to perform base64 decoding and it can be achieved using Powershell.

Below mentioned Powershell code help user to get the base64 decoded data from encoded string:



Import Big text

To import text, I used "Namecheap" domain service. There may be restriction on TXT record input data due to DNS server implementation.

In case, user is not able to insert complete text due to data limit, user can associate multiple TXT records for a domain name. 

So to import text which has length more then what you can specify in TXT record, add multiple TXT records. When DNS query will be performed, data will be fetched.

Converted the binary file data into base64 encoded form and specified in TXT record:

 Performed the DNS query to get the data embedded in TXT record:

Now, perform the base64 decoding operation on the grabbed text and save it in the file.

PowerShell and CMD is restricted

 In case, host machine is hardened and user is not allow to access either PowerShell or CMD, we can use VBS code to perform DNS query.
Here is the code which will perform DNS query and save the output to file "nslookup.txt" in "C:\Users\box\Desktop\" directory:


Thanks for reading :)

Special thanks to Sean Metcalf, OJ, hacker fantastic, A K Reddy,Vincent Yiu, Andrew Robbins, will, Benjamin Delpy, Marcello, Andrew van der Stock, g0tmi1k, Alvaro Muñoz, b33f, pancake, m3g9tr0nAnurag Srivastava, vivek chauhan



--==[[ With Love from Team IndiShell ]]==--
                             
 --==[[ Greetz To ]]==--
############################################################################################
#zero cool, code breaker ica, root_devil, google_warrior, INX_r0ot, Darkwolf indishell, Baba
#Silent poison India, Magnum sniper, ethicalnoob Indishell, Reborn India, L0rd Crus4d3r, cool toad
#Hackuin,Alicks,mike waals, Dinelson Amine, cyber gladiator, Cyber Ace, Golden boy INDIA
#Ketan Singh, AR AR, saad abbasi, Minhal Mehdi, Raj bhai ji, Hacking queen, lovetherisk, Bikash Dash, D3
#############################################################################################
                             --==[[Love to]]==--
# My Father ,my Ex Teacher, cold fire hacker, Mannu, ViKi,Ashu bhai ji, Soldier Of God, Bhuppi, Anurag, Cyber Warrior, Vivek Sir
#Mohit, Ffe, Ashish, Shardhanand, Budhaoo,Incredible, Hacker fantastic, Jennifer Arcuri and Don(Deepika kaushik)


 

 

Share this post

0 comments

:) :-) :)) =)) :( :-( :(( :d :-d @-) :p :o :>) (o) [-( :-? (p) :-s (m) 8-) :-t :-b b-( :-# =p~ :-$ (b) (f) x-) (k) (h) (c) cheer

© 2009 Start With Linux | Mannu Linux
Designed by cyb3r.gladiat0r
Posts RSSComments RSS
Back to top