The Wayback Machine - https://web.archive.org/web/20210918134525/https://github.com/mitre/caldera/pull/2032

Dns tunneling contact #2032

Merged
merged 7 commits into from Feb 18, 2021

Conversation

@uruwhy (Contributor) commented Feb 3, 2021

Description

Initial framework for DNS tunneling C2 contact mechanism. Supporting agents will communicate with the C2 by requesting A and TXT records. Hex-encoded data is transmitted to the server using qname labels, and data is downloaded via TXT record responses.

Type of change

  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update

How Has This Been Tested?

Ran a sandcat DNS tunneling agent on Linux and Windows. Tested running various abilities, including abilities that sent output back to the C2 and abilities that required payloads. Will add official tests shortly.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
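The upstream/downstream scheme described in the PR (hex in qname labels going up, TXT strings coming down), as an added example that is not part of this PR or of CALDERA's contact_dns.py. The RFC 1035 size limits are facts; the framing (a decimal sequence label followed by hex payload labels under a base domain, and hex-encoded TXT strings), the base domain `c2.example.com`, and the defender-side heuristic are my own assumptions for illustration.

```python
from __future__ import annotations

import binascii
import string

# RFC 1035 limits (facts). The framing below is an assumption for this
# example, not a description of CALDERA's actual wire format.
MAX_LABEL = 63          # max octets per DNS label
MAX_NAME = 253          # max presentation-form name length
MAX_TXT_STRING = 255    # max octets per <character-string> in TXT RDATA
HEXCHARS = set(string.hexdigits.lower())


def encode_upstream(data: bytes, base_domain: str) -> list[str]:
    """Hex-encode data and pack it into qnames '<seq>.<hex>[.<hex>...].<base>'.

    Every qname stays within MAX_NAME and every payload label within MAX_LABEL.
    Chunk boundaries need not align to bytes: the receiver joins all hex text
    before decoding.
    """
    base = base_domain.strip(".").lower()
    hexdata = binascii.hexlify(data).decode("ascii")
    qnames, seq, pos = [], 0, 0
    while pos < len(hexdata):
        # characters left for payload labels and the dot that follows each
        budget = MAX_NAME - len(str(seq)) - len(base) - 1
        if budget < 2:
            raise ValueError("base domain too long to carry any payload")
        labels = []
        while pos < len(hexdata) and budget >= 2:
            take = min(MAX_LABEL, budget - 1, len(hexdata) - pos)
            labels.append(hexdata[pos:pos + take])
            pos += take
            budget -= take + 1
        qnames.append(f"{seq}." + ".".join(labels) + "." + base)
        seq += 1
    return qnames


def decode_upstream(qnames: list[str], base_domain: str) -> bytes:
    """Reassemble bytes from qnames built by encode_upstream.

    Queries can arrive out of order (resolver retries and caching), so the
    sequence label is used to order the pieces; gaps in the sequence are
    rejected rather than silently decoded.
    """
    base = base_domain.strip(".").lower()
    pieces: dict[int, str] = {}
    for name in qnames:
        name = name.strip(".").lower()
        if not name.endswith("." + base):
            raise ValueError(f"not under base domain: {name}")
        labels = name[: -len(base) - 1].split(".")
        seq, payload = int(labels[0]), labels[1:]
        for lab in payload:
            if not lab or len(lab) > MAX_LABEL or not set(lab) <= HEXCHARS:
                raise ValueError(f"bad payload label: {lab!r}")
        if seq in pieces:
            raise ValueError(f"duplicate sequence number {seq}")
        pieces[seq] = "".join(payload)
    if sorted(pieces) != list(range(len(pieces))):
        raise ValueError("missing sequence numbers")
    return binascii.unhexlify("".join(pieces[k] for k in sorted(pieces)))


def encode_txt(data: bytes) -> list[str]:
    """Pack data into TXT character-strings (hex, at most 255 octets each)."""
    hexdata = binascii.hexlify(data).decode("ascii")
    return [hexdata[i:i + MAX_TXT_STRING]
            for i in range(0, len(hexdata), MAX_TXT_STRING)]


def decode_txt(strings: list[str]) -> bytes:
    """Inverse of encode_txt; strings are taken in RDATA order."""
    for s in strings:
        if len(s) > MAX_TXT_STRING or not set(s.lower()) <= HEXCHARS:
            raise ValueError(f"bad TXT string: {s!r}")
    return binascii.unhexlify("".join(strings))


def looks_like_hex_tunnel(qname: str, min_payload_chars: int = 100) -> bool:
    """Defender-side heuristic (my assumption, not from the PR): flag a name
    whose hex-only labels, ignoring the last two labels as the registrable
    domain, carry at least min_payload_chars characters."""
    labels = qname.strip(".").lower().split(".")
    payload = [lab for lab in labels[:-2] if lab and set(lab) <= HEXCHARS]
    return sum(len(lab) for lab in payload) >= min_payload_chars


if __name__ == "__main__":
    # constructed sample beacon, not real agent traffic
    msg = b"caldera beacon " * 20
    names = encode_upstream(msg, "c2.example.com")
    assert decode_upstream(names, "c2.example.com") == msg
    print(len(names), "queries;", "flagged:", looks_like_hex_tunnel(names[0]))
```

Two caveats worth keeping in mind when reading the real contact: the contiguity check above catches a missing middle chunk but not a truncated tail (a length or end marker is needed for that), and the heuristic is only a starting point for detection since hex-looking labels also occur in legitimate CDN and telemetry names.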
@uruwhy uruwhy force-pushed the dns-tunneling-contact branch from 69ec13f to 6327201 Feb 5, 2021
@codecov (codecov bot) commented Feb 5, 2021

Codecov Report

Merging #2032 (ce220a3) into master (12493dc) will increase coverage by 2.05%.
The diff coverage is 79.13%.


@@            Coverage Diff             @@
##           master    #2032      +/-   ##
==========================================
+ Coverage   61.74%   63.80%   +2.05%     
==========================================
  Files          60       61       +1     
  Lines        4240     4633     +393     
==========================================
+ Hits         2618     2956     +338     
- Misses       1622     1677      +55     
Impacted Files                 Coverage Δ
app/contacts/contact_dns.py    79.13% <79.13%> (ø)
app/objects/c_agent.py         81.08% <0.00%> (+3.24%) ⬆️
app/service/contact_svc.py     69.36% <0.00%> (+18.91%) ⬆️


@uruwhy uruwhy force-pushed the dns-tunneling-contact branch from fdb6e51 to 4a680cd Feb 8, 2021
Dns tunneling fixes

Fixing issues and removing unnecessary debug output

Adding dummy AAAA record response

Adding dns contact settings to default config file

Initial test for dns contact

testing fixtures

Starting with simple tests for now

Removing some heavy debug lines

Style fix
@uruwhy uruwhy force-pushed the dns-tunneling-contact branch from db31d9c to f3bb8c9 Feb 8, 2021
@uruwhy uruwhy requested a review from wbooth Feb 16, 2021
@uruwhy uruwhy marked this pull request as ready for review Feb 16, 2021
@wbooth wbooth changed the title WIP: Dns tunneling contact DNS tunneling contact Feb 17, 2021
@uruwhy uruwhy changed the title DNS tunneling contact Dns tunneling contact Feb 17, 2021
@wbooth wbooth merged commit 2a4726c into master Feb 18, 2021
8 checks passed
@wbooth wbooth deleted the dns-tunneling-contact branch Feb 18, 2021