Kuwongolera kwa DNS kumasintha dzina la domain kukhala chida cha obera. DNS kwenikweni ndi buku lalikulu la mafoni pa intaneti. DNS ndiyenso protocol yoyambira yomwe imalola olamulira kuti afufuze nkhokwe ya seva ya DNS. Mpaka pano zonse zikuwoneka bwino. Koma obera anzeru adazindikira kuti amatha kulumikizana mwachinsinsi ndi kompyuta yomwe idazunzidwayo polowetsa malamulo owongolera ndi data mu protocol ya DNS. Lingaliro ili ndiye maziko a DNS tunneling.
Momwe DNS tunneling imagwirira ntchito
Chilichonse pa intaneti chili ndi protocol yake yosiyana. Ndipo thandizo la DNS ndilosavuta pempho-yankho mtundu. Ngati mukufuna kuwona momwe zimagwirira ntchito, mutha kuyendetsa nslookup, chida chachikulu chopangira mafunso a DNS. Mutha kupempha adilesi pongotchula dzina la domain lomwe mukufuna, mwachitsanzo:
Kwa ife, protocol idayankha ndi adilesi ya IP. Pankhani ya protocol ya DNS, ndidapempha adilesi kapena zomwe zimatchedwa pempho. "A" mtundu. Palinso mitundu ina ya zopempha, ndipo protocol ya DNS idzayankha ndi magawo osiyanasiyana a data, omwe, monga momwe tidzaonera pambuyo pake, angagwiritsidwe ntchito ndi owononga.
Njira imodzi kapena imzake, pachimake, protocol ya DNS ikukhudzana ndi kutumiza pempho kwa seva ndikuyankha kwake kwa kasitomala. Nanga bwanji ngati wowukira akuwonjezera uthenga wobisika mkati mwa pempho la dzina la domain? Mwachitsanzo, m'malo molowetsa ulalo wovomerezeka, alowetsa zomwe akufuna kutumiza:
Tinene kuti wowukira akuwongolera seva ya DNS. Ikhoza kutumiza deta-zaumwini, mwachitsanzo-osadziwidwa. Kupatula apo, chifukwa chiyani funso la DNS lingakhale losaloledwa?
Poyang'anira seva, owononga amatha kupanga mayankho ndikutumiza deta ku dongosolo lomwe mukufuna. Izi zimawalola kutumiza mauthenga obisika m'magawo osiyanasiyana a DNS kuyankha kwa pulogalamu yaumbanda pamakina omwe ali ndi kachilombo, ndi malangizo monga kusaka mkati mwa foda inayake.
The "tunneling" gawo la kuwukira uku deta ndi malamulo kuchokera kuzindikiridwa ndi machitidwe oyang'anira. Ma hackers amatha kugwiritsa ntchito base32, base64, ndi zina zambiri, kapenanso kubisa deta. Kusungitsa kotereku kumadutsa osazindikirika ndi zida zosavuta zowunikira zomwe zimafufuza mawu osavuta.
Ndipo uku ndikusintha kwa DNS!
Mbiri ya DNS tunneling kuukira
Chilichonse chili ndi poyambira, kuphatikiza lingaliro lakubera protocol ya DNS pazolinga zobera. Monga momwe tingadziwire, choyamba Izi zidachitika ndi Oskar Pearson pamndandanda wamakalata a Bugtraq mu Epulo 1998.
Pofika mchaka cha 2004, kujambula kwa DNS kudayambitsidwa ku Black Hat ngati njira yozembera mu ulaliki wa Dan Kaminsky. Chifukwa chake, lingalirolo lidakula mwachangu kukhala chida chenicheni choukira.
Masiku ano, DNS tunneling ili ndi chidaliro pamapu (ndipo olemba mabulogi otetezedwa nthawi zambiri amafunsidwa kuti afotokoze).
Kodi munamvapo ? Iyi ndi kampeni yomwe ikuchitikabe yamagulu a zigawenga zapaintaneti - omwe mwina amathandizidwa ndi boma - kulanda ma seva ovomerezeka a DNS kuti atumize zopempha za DNS kumaseva awo. Izi zikutanthauza kuti mabungwe adzalandira ma adilesi "oyipa" a IP omwe akulozera masamba abodza omwe amayendetsedwa ndi akuba, monga Google kapena FedEx. Nthawi yomweyo, owukira azitha kupeza maakaunti a ogwiritsa ntchito ndi mapasiwedi, omwe angawalowetse mosadziwa pamasamba onama. Uku sikuchulukira kwa DNS, koma zotsatira zina zatsoka za obera omwe amawongolera ma seva a DNS.
DNS tunneling ziwopsezo
Kuwongolera kwa DNS kuli ngati chizindikiro cha chiyambi cha nkhani zoipa. Ndi ati? Takambirana kale zingapo, koma tiyeni tipange:
- Kutulutsa kwa data (exfiltration) - wowononga amatumiza mobisa deta yovuta pa DNS. Iyi si njira yabwino kwambiri yosamutsira chidziwitso kuchokera pakompyuta yovutitsidwa - poganizira ndalama zonse ndi ma encodings - koma imagwira ntchito, ndipo nthawi yomweyo - mobisa!
- Command and Control (chidule C2) - obera amagwiritsa ntchito protocol ya DNS kutumiza malamulo osavuta owongolera kudzera, kunena, (Remote Access Trojan, chidule cha RAT).
- IP-Over-DNS Tunneling - Izi zitha kumveka ngati zamisala, koma pali zida zomwe zimagwiritsa ntchito stack ya IP pamwamba pa zopempha ndi mayankho a DNS protocol. Zimapangitsa kusamutsa deta pogwiritsa ntchito FTP, Netcat, ssh, ndi zina. ntchito yophweka. Zowopsa kwambiri!
Kuzindikira kusintha kwa DNS
Pali njira ziwiri zazikulu zodziwira nkhanza za DNS: kusanthula katundu ndi kusanthula magalimoto.
pa kusanthula katundu Chipani choteteza chimayang'ana zolakwika mu data yomwe imatumizidwa mmbuyo ndi mtsogolo zomwe zitha kuzindikirika ndi njira zowerengera: mayina owoneka achilendo, mtundu wamtundu wa DNS womwe sugwiritsidwa ntchito nthawi zambiri, kapena ma encoding osakhazikika.
pa kusanthula magalimoto Chiwerengero cha zopempha za DNS ku domeni iliyonse zikuyerekezedwa poyerekeza ndi kuchuluka kwa ziwerengero. Owukira omwe amagwiritsa ntchito kuwongolera kwa DNS apanga kuchuluka kwa magalimoto ku seva. M'malingaliro, apamwamba kwambiri kuposa kusinthana kwa uthenga wa DNS. Ndipo izi ziyenera kuyang'aniridwa!
DNS tunneling zida
Ngati mukufuna kuchita pentest yanu ndikuwona momwe kampani yanu ingazindikire ndikuyankhira kuzochitika zotere, pali zingapo zothandizira izi. Onse a iwo akhoza tunnel mu mode IP-Over-DNS:
- - kupezeka pamapulatifomu ambiri (Linux, Mac OS, FreeBSD ndi Windows). Imakulolani kuti muyike chipolopolo cha SSH pakati pa chandamale ndikuwongolera makompyuta. Ndilo labwino pa kukhazikitsa ndi kugwiritsa ntchito ayodini.
- - Ntchito yosinthira DNS kuchokera kwa Dan Kaminsky, yolembedwa ku Perl. Mutha kulumikizana nazo kudzera pa SSH.
- - "Njira ya DNS yomwe simadwala." Amapanga njira yobisika ya C2 yotumiza/kutsitsa mafayilo, kuyambitsa zipolopolo, ndi zina.
DNS kuyang'anira zofunikira
Pansipa pali mndandanda wazinthu zingapo zomwe zingakuthandizeni kuzindikira ziwopsezo za tunneling:
- - Python module yolembera MercenaryHuntFramework ndi Mercenary-Linux. Amawerenga mafayilo a .pcap, amachotsa mafunso a DNS ndikupanga mapu a geolocation kuti athandizire kusanthula.
- - chida cha Python chomwe chimawerenga mafayilo a .pcap ndikusanthula mauthenga a DNS.
Micro FAQ pa DNS tunneling
Zambiri zothandiza munjira ya mafunso ndi mayankho!
Q: Kodi tunneling ndi chiyani?
Za: Ndi chabe njira kusamutsa deta pa ndondomeko alipo. Protocol yoyambira imapereka njira kapena ngalande yodzipereka, yomwe imagwiritsidwa ntchito kubisa zomwe zikufalitsidwa.
Q: Kodi kuukira koyamba kwa DNS kunachitika liti?
Za: Sitikudziwa! Ngati mukudziwa, chonde tidziwitseni. Monga momwe tikudziwira, kukambirana koyamba za chiwembuchi kunayambitsidwa ndi Oscar Piersan pamndandanda wamakalata a Bugtraq mu Epulo 1998.
Q: Ndi zotani ziti zomwe zikufanana ndi kuwongolera kwa DNS?
Za: DNS ili kutali ndi njira yokhayo yomwe ingagwiritsidwe ntchito kuwongolera. Mwachitsanzo, pulogalamu yaumbanda ya command and control (C2) nthawi zambiri imagwiritsa ntchito HTTP kubisa njira yolumikizirana. Monga momwe zimakhalira ndi DNS tunneling, wowononga amabisa deta yake, koma pamenepa zikuwoneka ngati magalimoto ochokera kwa osatsegula wamba omwe amapita kumalo akutali (olamulidwa ndi wowukira). Izi zitha kukhala zosazindikirika poyang'anira mapulogalamu ngati sanapangidwe kuti azindikire kugwiritsa ntchito molakwika protocol ya HTTP pazolinga za owononga.
Kodi mungafune kuti tikuthandizireni kuzindikira tunnel ya DNS? Onani module yathu ndipo yesani kwaulere !
Source: www.habr.com