The professionals explain that DNSBin is a tool used to test the filtering of data through DNS and helps to test vulnerabilities such as RCE or XXE when the environment has a limitation. The program is divided into two parts; the first part is about the web server and its component. This offers a basic web user interface; usually you will not need more than this, say information security experts. In the client part it offers a python script that allows transferring the data in both directions through DNS using the web service.
For the configuration and installation. DNS:
- Add an “A” record for the “dns1.zhack.ca” domain that points to “18.104.22.168”.
- Add an “A” record for the “ns1.zhack.ca” domain that points to “22.214.171.124”.
- Add a record “NS” for the domain “d.zhack.ca” with the value “dns1.zhack.ca”.
- Add a record “NS” for the domain “d.zhack.ca” with the value “ns1.zhack.ca”.
Web hosting. Information security professionals recommend starting the DNS receiver and the WebSocket endpoint with the Node.JS “forever” module.
forever start index.js
The file “index.html” can be hosted on the web server of your choice.
Regarding the client. The script requires that “dnspython” be installed on both ends. You must first start the script on the machine that is outside the restricted zone. The script will provide you with a token that you must pass by running the script on the machine within the restricted zone.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.