
[安全牛 Study Notes] DNS Protocol Tunneling: iodine and NCAT

Security+ | Information Security

DNS protocol tunnel ----- iodine

A tunneling tool that carries traffic inside DNS queries

Advantages over similar tools

- Downstream data is not encoded, so throughput is better
- Multi-platform: Linux, BSD, Mac OS, Windows
- Up to 16 concurrent connections
- Password protection is enforced
- Tunnel endpoints share one subnet (distinct from the server's and the client's real subnets)
- Supports multiple DNS record types
- Rich tunnel quality probing measures
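The feature list above also describes what an iodine tunnel looks like to whoever runs the resolver: a burst of queries to one domain, long encoded labels that never repeat, and record types such as NULL or TXT that ordinary clients rarely ask for. As an added example (not code from the course notes or from the iodine project), the following Python script profiles a resolver query log and flags domains with those traits. The log layout, the constructed sample lines, the two-label grouping heuristic and every threshold are assumptions chosen for illustration and should be tuned against real traffic.

```python
import math
import random
from collections import defaultdict

# Record types iodine can carry data in; NULL and TXT queries from ordinary
# clients are rare enough to be a useful signal on their own.
SUSPECT_QTYPES = {"NULL", "TXT", "SRV", "MX"}


def build_sample_log(n_tunnel=40, seed=7):
    """Constructed resolver log (assumed layout: '<epoch> <client_ip> <qtype> <qname>').
    Five ordinary lookups plus n_tunnel iodine-style queries: a long pseudo-random
    label under test.lab.com with qtype NULL, matching what the client output shows."""
    rng = random.Random(seed)
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    lines = [
        "1464260001 192.168.1.23 A www.example.com",
        "1464260002 192.168.1.23 AAAA www.example.com",
        "1464260003 192.168.1.23 A mail.example.com",
        "1464260004 192.168.1.24 A www.sina.com",
        "1464260005 192.168.1.24 A static.sina.com",
    ]
    for i in range(n_tunnel):
        label = "".join(rng.choice(alphabet) for _ in range(50))
        lines.append(f"{1464260010 + i} 192.168.1.23 NULL {label}.test.lab.com")
    return "\n".join(lines)


def shannon_entropy(text):
    """Bits per character; encoded payloads sit close to log2(alphabet size)."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_domain(qname, labels=2):
    """Group by the last `labels` labels (assumption: a crude stand-in for the
    Public Suffix List, so 'x.test.lab.com' groups under 'lab.com')."""
    parts = qname.split(".")
    return ".".join(parts[-labels:])


def detect_tunnel_domains(log_text, min_queries=10, odd_qtype_ratio=0.5,
                          min_sub_len=30, min_entropy=3.5, min_unique_ratio=0.9):
    """Return {domain: metrics}, each with a boolean 'flagged' verdict."""
    acc = defaultdict(lambda: {"queries": 0, "odd": 0, "len_sum": 0,
                               "entropy_sum": 0.0, "subs": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, _client, qtype, qname = line.split()
        qname = qname.rstrip(".").lower()
        dom = registrable_domain(qname)
        sub = qname[: -len(dom)].rstrip(".")  # everything left of the grouping domain
        s = acc[dom]
        s["queries"] += 1
        s["odd"] += qtype.upper() in SUSPECT_QTYPES
        s["len_sum"] += len(sub)
        s["entropy_sum"] += shannon_entropy(sub)
        s["subs"].add(sub)

    report = {}
    for dom, s in acc.items():
        n = s["queries"]
        m = {
            "queries": n,
            "odd_qtype_ratio": s["odd"] / n,
            "mean_sub_len": s["len_sum"] / n,
            "mean_entropy": s["entropy_sum"] / n,
            "unique_sub_ratio": len(s["subs"]) / n,
        }
        # Two independent signals: unusual record types, or subdomains that look
        # like encoded payload (long, high-entropy, never repeated).
        looks_encoded = (m["mean_sub_len"] >= min_sub_len
                         and m["mean_entropy"] >= min_entropy
                         and m["unique_sub_ratio"] >= min_unique_ratio)
        m["flagged"] = n >= min_queries and (m["odd_qtype_ratio"] >= odd_qtype_ratio
                                             or looks_encoded)
        report[dom] = m
    return report


if __name__ == "__main__":
    for dom, m in detect_tunnel_domains(build_sample_log()).items():
        print(dom, m)
```

On the constructed log only `lab.com` is flagged: all of its queries are NULL type and the subdomains are long, unique and high-entropy, while `example.com` and `sina.com` stay below every threshold. Note that the downstream direction is invisible here because iodine does not encode it; the upstream labels and the record type are the durable indicators.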

Running the server side

- iodined -f -c 10.0.0.1 test.lab.com
- -f: run in the foreground (optional)
- -c: do not check the client IP address
- IP: the server's tunnel IP address

root@kali:~# iodined -f 10.0.0.1 test.lab.com
Enter password: 123
Opened dns0
Setting IP of dns0 to 10.0.0.1
Setting MTU of dns0 to 1130
Opened IPv4 UDP socket
Listening to dns for domain test.lab.com

Running the client

- iodine -f test.lab.com
- curl --socks5-hostname 127.0.0.1:7001 http://www.sina.com

Tunnel network interface

- A general-purpose tunnel not tied to any single resource: the two ends behave like two adjacent hosts on the same subnet
- The server and the client each create a tunnel network interface, dns0
- The IP addresses at the two ends of the tunnel should be on a different subnet from the client's and the server's real networks
- Other tunneling techniques can be nested on top of this tunnel, for example a SOCKS proxy over SSH:

ssh -CfNg -D 7001 root@10.0.0.1

yuanfh@client:~$ sudo iodine -f test.lab.com
[sudo] password for yuanfh:
Enter password: 123
Opened dns0
Opened socket
Sending DNS queries for test.lab.com to 1.1.1.11
Autodetecting DNS query type (use -T to override).
Using DNS type NULL queries
Version ok, both using protocol v 0x00000502. You are user #0
Setting IP of dns0 to 10.0.0.2
Setting MTU of dns0 to 1130
Server tunnel IP is 10.0.0.1
Testing raw UDP data to the server (skip with -r)
Server is at 192.168.1.110, trying raw login: ...failed
Using EDNS0 extension
Retrying upstream codec test...
Retrying upstream codec test...
Switching upstream to codec Base64
Server switched upstream to codec Base64
No alternative downstream codec available, using default (Raw)
Switching to lazy mode for low-latency
Server switched to lazy mode
Autoprobing max downstream fragment size... (skip with -m fragsize)
...768 not ok.. ...384 not ok.. ...192 ok.. ...238 not ok.. ...240 not ok.. ...216 not ok..
...252 not ok.. ...234 not ok.. ...231 not ok.. ...230 not ok.. ...will use 228-2=226
Setting downstream fragment size to max 226...
Connection setup complete, transmitting data.
iodine: Got SERVFAIL as reply: server failed or recursion timeout
iodine: Hmm, that's 1. Your data should still go through...
iodine: Got SERVFAIL as reply: server failed or recursion timeout
iodine: Hmm, that's 2. Your data should still go through...
iodine: Got SERVFAIL as reply: server failed or recursion timeout
iodine: Hmm, that's 3. Your data should still go through...
iodine: Got SERVFAIL as reply: server failed or recursion timeout
iodine: Hmm, that's 4. Your data should still go through...
iodine: Got SERVFAIL as reply: server failed or recursion timeout
iodine: I think 5 is too many. Setting interval to 1 to hopefully reduce SERVFAILs.
  But just ignore them if data still comes through. (Use -l1 next time on this network.)
iodine: Got SERVFAIL as reply: server failed or recursion timeout+2

yuanfh@client:~$ ssh root@10.0.0.1
The authenticity of host '10.0.0.1 (10.0.0.1)' can't be established.
ECDSA key fingerprint is 6f:bf:fc:e5:d0:96:65:34:90:7d:81:06:b6:0e:4d:50.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.1' (ECDSA) to the list of known hosts.
root@10.0.0.1's password:
The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@kali:~# exit
logout
Connection to 10.0.0.1 closed.

yuanfh@client:~$ ssh -CfNg -D 7001 root@10.0.0.1
root@10.0.0.1's password:
yuanfh@client:~$ netstat -pantu | grep 7001
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 127.0.0.1:7001          0.0.0.0:*               LISTEN      2748/ssh
tcp6       0      0 ::1:7001                :::*                    LISTEN      2748/ssh

Install the TAP network adapter driver

- https://openvpn.net/index.php/open-source/downloads.html
- Install only the TAP Virtual Ethernet Adapter and all of its dependencies

Windows client

- http://code.kryo.se/iodine/
- iodine -f test.lab.com

Set up the SSH tunnel

Openvpn 2.3.11-I001-i686.exe
Install only the TAP Virtual Ethernet Adapter and Dependencies (Advanced)
Next
Continue anyway (at the unsigned-driver warning)
Finish

http://code.kryo.se/iodine/
iodine 32bit

C:\>cd iodine
C:\iodine>iodine.exe -f test.lab.com
Enter password: 123
Opening device 本地連接 2
Opened IPv4 UDP socket
Opened IPv4 UDP socket
Sending DNS queries for test.lab.com to 127.0.0.1
Autodetecting DNS query type (use -T to override).
Opened IPv4 UDP socket
Using DNS type NULL queries
Version ok, both using protocol v 0x00000502. You are user #0
Enabling interface '本地連接 2'
Setting IP of interface '本地連接 2' to 10.0.0.2 (can take a few seconds)...
確定。
Server tunnel IP is 10.0.0.1
Testing raw UDP data to the server (skip with -r)
Server is at 192.168.1.110, trying raw login: ...failed
Retrying upstream codec test...
Retrying upstream codec test...
Retrying upstream codec test...
Switching upstream to codec Base64
Server switched upstream to codec Base64
No alternative downstream codec available, using default (Raw)

PuTTY configuration

- Session: Host Name (or IP address): 10.0.0.1, Port: 22
- Connection / SSH / Tunnels: Source port: 7001, Destination: 10.0.0.1, IPv4, Dynamic; tick "Local ports accept connections from other hosts" and "Remote ports do the same (SSH-2 only)"; click Add
- Open

login as: root
root@10.0.0.1's password:
The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu May 26 19:13:04 2016 from 10.0.0.2

NCAT

Regarded as the best choice among the many nc (netcat) derivatives

Proxy function

- ncat -l 8080 --proxy-type http --proxy-auth user:pass

Broker (intermediary) function

- A and B cannot reach each other, but A and C can, and B and C can
- Server: ncat -l 3333 --broker
- Anything one client sends is hubbed by the broker to every other client
- Run a command on many hosts at once: ncat 1.1.1.1 --sh-exec "echo 'pwd'"
- Send a file to many hosts at once: ncat --send-only 1.1.1.1 < inputfile
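To make the broker rule concrete, here is an added example (not ncat's own code, nor code from the course notes) that re-implements it in Python: every byte received from one client is relayed to all other connected clients and is never echoed back to the sender. The listener binds to a port chosen by the OS, and the three-client scenario in demo_three_clients() is constructed for illustration.

```python
import socket
import threading
import time


class Broker:
    """Added re-implementation of the ncat --broker relay rule (assumption: this
    mirrors the behaviour described in the notes, not ncat's implementation)."""

    def __init__(self, host="127.0.0.1", port=0):
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind((host, port))          # port 0: let the OS pick a free port
        self._srv.listen(16)
        self.host, self.port = self._srv.getsockname()
        self._clients = set()
        self._lock = threading.Lock()
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def client_count(self):
        with self._lock:
            return len(self._clients)

    def _accept_loop(self):
        while True:
            try:
                conn, _peer = self._srv.accept()
            except OSError:                   # listening socket closed by close()
                return
            with self._lock:
                self._clients.add(conn)
            threading.Thread(target=self._serve, args=(conn,), daemon=True).start()

    def _serve(self, conn):
        try:
            while True:
                data = conn.recv(4096)
                if not data:                  # peer closed its side
                    break
                self._relay(conn, data)
        except OSError:
            pass
        finally:
            with self._lock:
                self._clients.discard(conn)
            conn.close()

    def _relay(self, sender, data):
        # Snapshot the peer list under the lock, then send outside it.
        with self._lock:
            targets = [c for c in self._clients if c is not sender]
        for c in targets:
            try:
                c.sendall(data)
            except OSError:
                pass                          # a dead peer is dropped by its own loop

    def close(self):
        self._srv.close()
        with self._lock:
            clients = list(self._clients)
        for c in clients:
            c.close()


def _recv_or_none(sock, timeout=1.0):
    sock.settimeout(timeout)
    try:
        return sock.recv(4096)
    except socket.timeout:
        return None


def demo_three_clients(message=b"hello from A\n"):
    """Constructed scenario: A, B and C connect to the broker and A sends once.
    Returns what each client received (None = nothing within the timeout)."""
    broker = Broker()
    socks = {}
    try:
        for name in ("a", "b", "c"):
            socks[name] = socket.create_connection((broker.host, broker.port))
        # The accept loop registers clients asynchronously; wait until all three are in.
        for _ in range(50):
            if broker.client_count() >= 3:
                break
            time.sleep(0.05)
        socks["a"].sendall(message)
        return {name: _recv_or_none(s) for name, s in socks.items()}
    finally:
        for s in socks.values():
            s.close()
        broker.close()


if __name__ == "__main__":
    print(demo_three_clients())
```

Running the demo shows B and C receiving A's message while A itself gets nothing back, which is exactly why the notes describe the broker as a hub: a `--sh-exec` command's output or a `--send-only` file stream fed into one connection fans out to every other connected client. The relay is unauthenticated and unencrypted, so from a defensive point of view an unexpected listener in `--broker` mode (as in the netstat checks below) deserves the same scrutiny as an open proxy.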

root@kali:~# ncat -l 8080 --proxy-type http --proxy-auth user:pass
root@kali:~# netstat -pantu | grep ncat
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 127.0.0.1:31337         0.0.0.0:*               LISTEN      2724/ncat
tcp6       0      0 ::1:31337               :::*                    LISTEN      2724/ncat
root@kali:~# netstat -pantu | grep 8080
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2734/ncat
tcp6       0      0 ::1:8080                :::*                    LISTEN      2734/ncat
root@kali:~# ncat
Ncat: You must specify a host to connect to. QUITTING.

root@kali:~# ncat -l 333 --broker
Machine A: root@kali:~# ncat 127.0.0.1 333
Machine B: root@kali:~# ncat localhost 333
root@kali:~# ncat 127.0.0.1 333 --sh-exec "echo 'pwd'"
root@kali:~# ncat 127.0.0.1 333 --sh-exec "echo 'mkdir a'"
root@kali:~# ncat 127.0.0.1 333 --sh-exec "echo 'rm -fr a'"
root@kali:~# ncat --send-only 127.0.0.1 < inputfile

These notes were taken by a student of the 安全牛 classroom; to see this course or other practical information security material, head over to the 安全牛 classroom.

Why is Security+ the hottest certification of the Internet+ era?

First, 牛妹 introduces Security+:

Security+ is a vendor-neutral third-party certification issued by CompTIA, the Computing Technology Industry Association of the United States. It is one of the ten most popular certifications in the international IT industry, alongside CISSP and ITIL; compared with CISSP, which emphasises information security management, Security+ puts more weight on information security technology and operations.

Passing this certification demonstrates competence in network security; compliance and operational security; threats and vulnerabilities; application, data and host security; access control and identity management; and cryptography. Because the exam is not easy and the credential carries real weight, it has been widely adopted by enterprises and security professionals worldwide.

Why is Security+ so popular?

Reason one: among all information security certifications, one focused on security technology was missing, and Security+ fills exactly that gap.

The information security certifications currently recognised in the industry are mainly CISP and CISSP, but both lean towards security management; their technical content is broad and shallow, and the exams skim over it. Moreover, CISSP requires holders to have more than five years of information security work experience, and CISP requires a college diploma plus more than four years of work experience; these requirements block the path to certification for capable, ambitious young people. In the real world, whether you are job hunting, seeking a promotion or raise, or listing staff in a bid, certifications are indispensable, which puts the young at a real disadvantage. Security+ clears these obstacles from their career path: because it focuses on security technology, it has no particular work-experience requirement. As long as you have an IT background and want to progress, you can study for and take the exam.

Reason two: a powerful tool for IT operations staff to do their jobs and move up.

In banking, securities, insurance, telecommunications and similar industries there are very many IT operations staff, and the work covers a wide area: it is a comprehensive technical role spanning networks, systems, security, application architecture and storage. Ops staff may lack the tragic grandeur of the programmers' motto "live as a bachelor, die writing code", but they have their own lament, "hoeing the fields at noon is nothing next to the suffering of ops". Facing computers and machines every day, over time it is hard to avoid confusion about career development. The Security+ international certification lets ambitious ops staff learn network security knowledge, master security practice, steer their careers towards network security, and help relieve the domestic shortage of information security talent. And even for those who do not switch tracks, learning security and earning a security certification is indispensable for doing operations work well.

Reason three: down to earth, international, convenient to take and moderately priced!

CompTIA, as the most influential leading body in the global ICT field, is professional, fair and impartial in certifying information security talent. Security+ emphasises hands-on work that is closely tied to the daily tasks of front-line engineers, and suits IT staff in banks, securities firms, insurers, Internet companies and the like. As an international certification it is widely recognised in 147 countries.

In the current wave of information security, talent is the key to its development. Domestic information security talent is in very short supply, and we believe Security+ will surely become the hottest information security certification.

This post is from the "11662938" blog; please keep this attribution: http://11672938.blog.51cto.com/11662938/1971821
