I-DNS tunneling ijika inkqubo yegama lesizinda ibe sisixhobo sabaduni. I-DNS yincwadi enkulu yefowuni ye-Intanethi. I-DNS ikwayiprothokholi esisiseko evumela abalawuli ukuba babuze iseva yedatha ye-DNS. Ukuza kuthi ga ngoku yonke into ibonakala icacile. Kodwa abahlaseli abanobuqili baqonda ukuba banokunxibelelana ngasese nekhompyuter yexhoba ngokufaka imiyalelo yolawulo kunye nedatha kwiprotocol ye-DNS. Le ngcamango isisiseko se-DNS tunneling.
Indlela i-DNS tunneling isebenza ngayo
Yonke into kwi-Intanethi ineprotocol yayo eyahlukileyo. Kwaye inkxaso ye-DNS ilula uhlobo lwempendulo yesicelo. Ukuba ufuna ukubona ukuba isebenza njani, ungaqhuba i-nslookup, esona sixhobo siphambili sokwenza imibuzo ye-DNS. Ungacela idilesi ngokuchaza ngokulula igama lesizinda onomdla kulo, umzekelo:
Kwimeko yethu, iprotocol iphendule ngedilesi ye-IP yesizinda. Ngokwemigaqo ye-DNS protocol, ndenze isicelo sedilesi okanye into ebizwa ngokuba yisicelo. "A" uhlobo. Kukho ezinye iintlobo zezicelo, kwaye iprotocol ye-DNS iya kuphendula ngesethi eyahlukileyo yedatha yedatha, leyo, njengoko siza kubona kamva, ingasetyenziswa ngabaduni.
Enye indlela okanye enye, kwisiseko sayo, iprotocol ye-DNS ijongene nokudlulisa isicelo kumncedisi kunye nempendulo yayo kumthengi. Kuthekani ukuba umhlaseli wongeza umyalezo ofihliweyo ngaphakathi kwesicelo segama lesizinda? Umzekelo, endaweni yokufaka i-URL esemthethweni ngokupheleleyo, uya kufaka idatha afuna ukuyihambisa:
Masithi umhlaseli ulawula iseva ye-DNS. Iyakwazi ukuthumela idatha-idatha yomntu, umzekelo-ngaphandle kokuba ifunyenwe. Ngapha koko, kutheni umbuzo we-DNS unokuthi ngequbuliso ube yinto engekho mthethweni?
Ngokulawula umncedisi, abahlaseli banokwenza iimpendulo kwaye bathumele idatha kwindlela ekujoliswe kuyo. Oku kubavumela ukuba bagqithise imiyalezo efihliweyo kwimimandla eyahlukeneyo yempendulo ye-DNS kwi-malware kumatshini owosulelekileyo, kunye nemiyalelo efana nokukhangela ngaphakathi kwifolda ethile.
I "tunneling" inxalenye yolu hlaselo idatha kunye nemiyalelo evela ekubhaqweni ngokubeka iliso kwiinkqubo. Abahlaseli banokusebenzisa i-base32, base64, njl njl. Olu guqulelo lwekhowudi luza kudlula lungakhange lubonwe zizixhobo ezilula zokukhangela izoyikiso ezikhangela okubhaliweyo.
Kwaye le yi-DNS tunneling!
Imbali yohlaselo lwe-DNS tunneling
Yonke into inesiqalo, kubandakanya nombono wokuqweqwedisa iprotocol ye-DNS ngeenjongo zokugqekeza. Njengoko sinokutsho, eyokuqala Olu hlaselo lwenziwa ngu-Oskar Pearson kuluhlu lokuposa lwe-Bugtraq ngo-Epreli ka-1998.
Ngo-2004, i-DNS tunneling yaziswa kwi-Black Hat njengendlela yokukhwabanisa kwintetho kaDan Kaminsky. Ke, umbono wakhula ngokukhawuleza waba sisixhobo sokuhlasela sokwenyani.
Namhlanje, i-DNS tunneling ikwindawo yokuzithemba kwimephu (kunye neeblogi zokhuseleko lolwazi zihlala zibuzwa ukuba ziyichaze).
Ngaba uvile malunga ? Eli liphulo eliqhubekayo lamaqela e-cybercriminal-awona axhaswe ngurhulumente-ukuqweqwedisa iiseva ezisemthethweni ze-DNS ukuze ziphinde ziqondise izicelo ze-DNS kwiiseva zabo. Oku kuthetha ukuba imibutho iya kufumana iidilesi ze-IP "ezimbi" ezikhomba kumaphepha ewebhu angeyonyani aqhutywa ngabaduni, njengeGoogle okanye iFedEx. Kwangaxeshanye, abahlaseli baya kukwazi ukufumana iakhawunti yomsebenzisi kunye neepassword, abaya kuthi ngokungazi bangene kwiindawo ezingeyonyani. Oku akuyiyo i-DNS tunneling, kodwa esinye isiphumo esibi sabahlaseli abalawula iiseva ze-DNS.
Izoyikiso zokuhambisa i-DNS
I-DNS tunneling ifana nesalathisi sokuqala kwesigaba seendaba ezimbi. Eziphi? Sele sithethile ngezininzi, kodwa masizimise:
- Imveliso yedatha (exfiltration) -I-hacker idlulisela ngokufihlakeleyo idatha ebalulekileyo kwi-DNS. Oku ngokuqinisekileyo akuyona indlela efanelekileyo kakhulu yokudlulisa ulwazi kwikhompyutheni yexhoba - ngokuqwalasela zonke iindleko kunye ne-encodings - kodwa isebenza, kwaye ngexesha elifanayo - ngokufihlakeleyo!
- Umyalelo noLawulo (isifinyezo C2) -abahlaseli basebenzisa iprotocol yeDNS ukuthumela imiyalelo elula yokulawula, yithi, (I-Remote Access Trojan, i-RAT efinyeziweyo).
- IP-Over-DNS Tunneling -Oku kunokuvakala ngathi kuyaphambana, kodwa kukho izinto eziluncedo ezisebenzisa istaki se-IP ngaphezulu kwezicelo zeprotocol yeDNS kunye neempendulo. Yenza ukudluliselwa kwedatha usebenzisa i-FTP, i-Netcat, i-ssh, njl. umsebenzi olula noko. Kuyoyikeka kakhulu!
Ukubona itonela ye-DNS
Kukho iindlela ezimbini eziphambili zokufumanisa ukusetyenziswa kakubi kwe-DNS: uhlalutyo lomthwalo kunye nohlalutyo lwendlela.
e uhlalutyo lomthwalo Iqela elikhuselayo lijonga izinto ezingaqhelekanga kwidatha ethunyelwa ngasemva naphambili enokubonwa ngeendlela zobalo: amagama amamkeli akhangeleka engaqhelekanga, uhlobo lwerekhodi ye-DNS olungasetyenziswa rhoqo, okanye ukukhowudwa okungaqhelekanga.
e uhlalutyo lwendlela Inani lezicelo ze-DNS kwi-domain nganye liqikelelwa xa lithelekiswa nomndilili wamanani. Abahlaseli abasebenzisa i-DNS tunneling baya kuvelisa inani elikhulu le-traffic kumncedisi. Ngokwethiyori, iphezulu kakhulu kunotshintshiselwano lwemiyalezo yeDNS eqhelekileyo. Kwaye oku kufuneka kulandelelwe!
DNS itonela eziluncedo
Ukuba ufuna ukwenza eyakho ipentest kwaye ubone ukuba inkampani yakho inokubona kwaye isabele kangakanani na kulo msebenzi, kukho izinto ezininzi eziluncedo zoku. Zonke ziyakwazi ukukhwela itonela kwimowudi IP-Over-DNS:
- -ifumaneka kumaqonga amaninzi (Linux, Mac OS, FreeBSD kunye neWindows). Ikuvumela ukuba ufake iqokobhe le-SSH phakathi kwethagethi kunye nolawulo lweekhompyuter. Yinto entle leyo ekusetheni nasekusebenziseni i-Iodine.
- -Iprojekthi ye-DNS tunneling evela kuDan Kaminsky, ebhalwe kwiPerl. Ungaqhagamshela kuyo nge-SSH.
- "Itonela ye-DNS engakugulisi." Yenza isitishi esifihliweyo seC2 sokuthumela/ukukhuphela iifayile, ukusungula amaqokobhe, njl.
DNS esweni eziluncedo
Apha ngezantsi kukho uluhlu lwezinto ezininzi eziya kuba luncedo ekuboneni uhlaselo lwetonela:
- -Imodyuli yePython ebhalelwe iMercenaryHuntFramework kunye neMercenary-Linux. Ifunda iifayile ze-pcap, ikhupha imibuzo ye-DNS kwaye yenza imephu ye-geolocation ukunceda ekuhlalutyeni.
- β into eluncedo yePython efunda iifayile zepcap kwaye ihlalutye imiyalezo yeDNS.
Micro FAQ kwi DNS tunneling
Ulwazi oluluncedo ngendlela yemibuzo neempendulo!
Umbuzo: Yintoni itonela?
O: Yindlela elula yokudlulisa idatha kwiprotocol ekhoyo. Iprothokholi esisiseko ibonelela ngomjelo ozinikeleyo okanye itonela, ethi ke isetyenziswe ukufihla ulwazi olusasazwayo.
Umbuzo: Kwenziwa nini uhlaselo lokuqala lwe-DNS lwetonela?
O: Asazi! Ukuba uyazi, nceda usazise. Ngokolwazi lwethu, ingxoxo yokuqala yohlaselo yaqaliswa ngu-Oscar Piersan kuludwe lweposi lweBugtraq ngoAprili 1998.
Umbuzo: Luluphi uhlaselo olufana ne-DNS tunneling?
O: I-DNS ikude kwiprothokholi ekukuphela kwayo enokusetyenziswa ukwenza itonela. Umzekelo, umyalelo kunye nolawulo (C2) i-malware ihlala isebenzisa i-HTTP ukufihla ijelo lonxibelelwano. Njengoko i-DNS tunneling, i-hacker ifihla idatha yakhe, kodwa kule meko ibonakala ngathi i-traffic evela kwi-browser yewebhu eqhelekileyo ifikelela kwindawo ekude (elawulwa ngumhlaseli). Oku kunokungaqatshelwa ngokubeka iliso iinkqubo ukuba azibunjwanga ukuba zibone ukusetyenziswa kakubi kwe-HTTP protocol ngeenjongo ze-hacker.
Ngaba ungathanda ukuba sincede ekubhaqweni kwetonela ye-DNS? Jonga imodyuli yethu kwaye uzame simahla !
umthombo: www.habr.com