312-50V10 · Question #508
What tool and process are you going to use in order to remain undetected by an IDS while pivoting and passing traffic over a server you've compromised and gained root access to?
The correct answer is B. Install Cryptcat and encrypt outgoing packets from this server.. Cryptcat is an encrypted variant of Netcat that encrypts traffic using Twofish, making communications unreadable to signature-based IDS systems during post-exploitation pivoting.
Question
What tool and process are you going to use in order to remain undetected by an IDS while pivoting and passing traffic over a server you've compromised and gained root access to?
Options
- AInstall and use Telnet to encrypt all outgoing traffic from this server.
- BInstall Cryptcat and encrypt outgoing packets from this server.
- CUse HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion
- DUse Alternate Data Streams to hide the outgoing packets from this server.
How the community answered
(25 responses)- A8% (2)
- B72% (18)
- C4% (1)
- D16% (4)
Why each option
Cryptcat is an encrypted variant of Netcat that encrypts traffic using Twofish, making communications unreadable to signature-based IDS systems during post-exploitation pivoting.
Telnet transmits all data in plaintext without any encryption, making it one of the least suitable tools for evading network inspection and IDS detection.
Cryptcat extends Netcat's functionality by adding Twofish encryption to all transmitted data, ensuring that traffic tunneled through a compromised server appears as encrypted, unrecognizable ciphertext to an IDS rather than matching known malicious signatures. This allows an attacker with root access to create covert encrypted channels for pivoting without triggering IDS alerts based on plaintext patterns.
Using HTTP does not encrypt traffic; HTTP payloads are transmitted in cleartext and are fully inspectable by IDS/IPS systems and deep packet inspection engines.
Alternate Data Streams is an NTFS file system feature used to hide data within files on disk, and has no mechanism for concealing or encrypting outgoing network packets from IDS inspection.
Concept tested: Cryptcat encrypted tunneling for IDS evasion during pivoting
Source: https://www.kali.org/tools/cryptcat/
Topics
Community Discussion
No community discussion yet for this question.