diannaosec

I have been learning more about exfiltrating data using DNS requests at ine.com After connecting to the lab machine, my first job was to find sensitive data. I used   tree c:\ /f | more   to look through the directories. The first thing I saw was a directory called sensitive with a .txt file called credentials inside it. I had a look at this using the type command (after trying cat as I'm so used to Linux!)  I now needed to find a way to exfiltrate this data and bypass any egress filtering. I started by checking if any common ports were allowed for outbound connections. To do this, I used  sudo python3 -m http.server 8080 I then used the browser on the target machine to try to connect to my simple HTTP server. I tried this using ports 80, 8080, 443 and 8443. I discovered that only port 8080 was allowed to access the public internet. Next, I wanted to see if DNS lookups could be made from the target machine. To do this, I first of all had to reconfigure the DNS server...