While preparing the content for this book, I stumbled upon a few of the excellent Capture the Flag (CTF) challenges, which demonstrate mind-boggling exercises. One of them is the one we are going to discuss next. We covered an exercise on the ICMP shell in the previous chapters, and ICMP tunneling works on the same principle, which is to pass TCP-related data through a series of ICMP requests. Similarly, DNS and SSH tunneling also work; they encapsulate normal TCP traffic within them and pass the common security practices. DNS and SSH tunneling are fairly popular for bypassing captive portal restrictions on airports, cafes, and so on. However, certain malware also makes use of DNS to perform command and control of the compromised machines. Let's see an example that demonstrates strange DNS requests and look at what can we do with them...
Germany
Slovakia
Canada
Brazil
Singapore
Hungary
Philippines
Mexico
Thailand
Ukraine
Luxembourg
Estonia
Lithuania
Norway
Chile
United States
Great Britain
India
Spain
South Korea
Ecuador
Colombia
Taiwan
Switzerland
Indonesia
Cyprus
Denmark
Finland
Poland
Malta
Czechia
New Zealand
Austria
Turkey
France
Sweden
Italy
Egypt
Belgium
Portugal
Slovenia
Ireland
Romania
Greece
Argentina
Malaysia
South Africa
Netherlands
Bulgaria
Latvia
Australia
Japan
Russia