Hack Week takes place at the start of every year, and it’s a chance for the Modux team to have a go at interesting projects that aren’t directly related to their day-to-day work. In a previous article, we shared Ben’s network diode project, Thomas’s attempt to build a virtual COM port driver and Lucas’s version of GTFOBins for AWS.
In this second instalment, we’re covering four more projects:
Tom's Recursive DNS tool
Tom works as a Senior Security Consultant here at Modux. Tom spent Hack Week making his own recursive DNS tool, as he explains here:
In many environments we test which are supposedly cut off from the Internet, we end up finding that recursive DNS queries are possible. Existing tools, such as Iodine, require local admin access in order to set up a virtual ethernet interface to route all traffic through the adapter.
My goal in this hack week project was to create a tool that would visually demonstrate the risk of permitting recursive DNS queries without requiring local admin privileges. To do this I would create a local HTTP proxy on a high TCP port and proxy traffic through my recursive DNS server.
Tunnelling through recursive DNS refers to a technique used to bypass network restrictions by encapsulating arbitrary data inside DNS packets. This can be used to bypass firewalls or other network security measures that are in place to block certain types of traffic.
Tunnelling through recursive DNS involves setting up a recursive DNS server that is able to forward traffic to and from a client on the restricted network. The client sends DNS requests to the server, which are then forwarded to their intended destination. The server then receives the response and sends it back to the client inside a DNS response packet.
My project tackled the first stage of building an HTTP proxy through a recursive DNS tunnel. Built in C# for both the server code and client code, I was able to successfully build a local HTTP proxy which, once it had received an HTTP request object, would serialize the data, base64 encode the data, then chunk it into a number of DNS requests to an also local DNS server. The maximum domain request length was found to be <80 characters, and the maximum TXT record response size was found to be <254 characters.
The next steps for this project are to move the DNS server to a remote location and configure it to act as an authoritative name server for my chosen domain.
Liz's guided breathing app
As Operations Assistant at Modux, Liz is more used to the administration rather than technical side of the company and so took the opportunity of Hack Week to learn the basics of coding by making a guided breathing application.
Armed with a little coding knowledge and inspired by Wim Hof’s book about the benefits of deep breathing, next Liz wanted to create a guided breathing app which would talk the user through a series of counted breaths and feature a simple expanding and retracting image.
Benedict's image processing software for The British Museum
The British Museum has thousands of images of the artifacts in their collections. Artifacts are assigned a serial number to keep a record of them, and this serial number appears in each image, but the image files do not have a filename that reflects this serial number. This makes it impossible to effectively search or browse the archive of images.
For his Hack Week project, Benedict wanted to develop software that would be capable of processing the images and renaming each file with the corresponding serial number of the artifact. The software he developed would need to combine traditional image processing techniques with neural networks for text detection and recognition.
In general, the images that Benedict was working with contained a known set of objects: the artifact itself, a serial number and a scale. The serial number appears as either a small printed label or, in some cases, is written on the artifact. The scale acts as a colour and size reference.
The most important part of the image is the serial number, as that is required to assign the file its corresponding name. Because there is text on the scale that appears in the image, elements of this can also be picked up by text detectors, meaning Benedict first needed to filter and remove it from the image before the relevant text could be detected.
The appearance of the scale remained relatively consistent across images, so it was a prime candidate for using traditional feature-matching techniques to detect it. Using the AKAZE feature detection algorithm and brute force feature matching to match key points between the reference and test image, it was possible for Benedict to mask off this area of the image, in turn preventing the text that appears on the scale from being inadvertently detected as the serial number.
With the scale successfully excluded from being detected, Benedict ran the image through the CRAFT text detector in order to crop the serial number from the image. After trying a number of different options, he chose this detector because it reliably detected the serial numbers regardless of orientation of the text and effectively picked up handwritten text.
Once the area of the image containing the serial number now detected, Benedict then cropped it to include only the text and then ran it through a text recognition algorithm. He chose PARSeq as it most reliably identified characters at a range of orientations. The output could then be used to rename the image with the corresponding serial number.
Without any optimisation, using the stock configuration of the various algorithms, detection per image took about 12 seconds. By optimising some parameters and reducing the input size of the images, detection speed could be reduced to around 1 second per image while maintaining high levels of accuracy.
The software currently only exists as a command line tool. Benedict aims to continue his project with the aim of building a basic UI which would allow non-expert users to simply select a folder of images they want to process, and the images would be renamed automatically. Further optimisation could also include parallelisation of the detection to allow multiple images to be processed at once, allowing the complete archive of images to be processed and labelled suitably.
Silvia's Key Logger
Modux’s Operations Manager, Silvia, spent Hack Week making a keylogger, which is a type of monitoring software, or malware, that can be used to covertly record everything that is typed on a computer. It’s a surveillance technology that can potentially be used by a malicious user to gain access to sensitive information such as passwords or credit card information.
I wanted to challenge myself by doing something completely outside my comfort zone that would allow me to better understand (even if it was a that very small scale) the challenges that some of the consultants at Modux have with their projects.
With no experience of any programming language, Silvia started at the very beginning by working out which language and software to use. She found that Python would suit her project and it seemed suitable for a beginner.
Having not seen or done any programming before, Silvia found it was quite challenging to understand the code and its syntaxis, but with the help of tutorials and guidance from colleagues at Modux, she persevered and managed to build a keylogger program which could do the following:
1. The keylogger captured when a key was pressed or released
2. On press: it printed out the key in the console to see it working
3. It created a txt file to capture the keystrokes
4. It added a key list and count variable to the code
One of the challenges Silvia faced during this project was that her anti-virus spotted the program as malware and kept on deleting the main, which, although frustrating for Silvia at the time, proves that she made a successful malware programme!
Given more time, Silvia would like to add the function to automatically email the .txt file and plans to tidy up the text file by removing the quotation marks and adding new lines after a space.