Comment on Why is DNS often joked about in the I.T. Industry?

IphtashuFitz@lemmy.world ⁨3⁩ ⁨months⁩ ago

I never would have thought of it but I recently saw a novel use of DNS to exfiltrate data from a compromised server.

My employer takes security very seriously. Our public facing web servers are very thoroughly locked down, or so we thought. We contract with companies like HackerOne to perform penetration testing etc. One of their white hat hackers managed a remote command attack, and copied data off of the server via a string of DNS queries.

Suppose the hacker owned the domain example.com, and he had his own authoritative nameserver for it. He just ran a series of commands that took, for example, a password file, and ran DNS queries for line1.example.com, line2.example.com, line3.example.com and so on for each line in the file. As a result the log file on his DNS server collected each line of the password file as it responded to each query.

source
Sort:hotnewtop