Imagine the power of Netcat, but with everything tunneled through DNS packets. Imagine the power!!!
Dnscat2 does precisely that: http://www.doctorchaos.com/dnscat2-dns-reverse-tunneling-thru-secure-networks/
More detailed info: https://zeltser.com/c2-dns-tunneling/
Code on Github: https://github.com/iagox86/dnscat2
The dnscat2 software is run on a C2 server that listens for a client. The software is then run on a client, which attempts to connect to the C2 server and establish a session. Once a session is established, a reverse connection is created from the C2 server, which enables an attacker to run arbitrary commands on the remote client's machine.
You need a registered domain, and the authoritative DNS server for that domain should be the same host that runs the dnscat2 server. To make that host authoritative for your domain, tell the domain registrar which nameservers are authoritative for it; there is usually an option for this under Domain Management or Domain Settings. Edit the DNS zone file and add several records:
- Add two A records, ns1 and ns2, that point to the C2 server
- Add two nameserver (NS) records with hosts ns1 and ns2 that point to ns1.domain.com and ns2.domain.com
Next, make sure the domain is set up to use your own custom nameservers: add the nameservers ns1.domain.com and ns2.domain.com. Give the settings some time to take effect.
Now when you run dnscat2 on either machine, you'll specify domain.com.
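Because the tunnel above carries its data inside the subdomain labels of queries to domain.com, a resolver-log check can key on exactly that: many long, random-looking subdomains, often of mixed record types, all under one registrable domain. The following is an added example written for this page, not code from dnscat2 or the linked articles; the log format, the sample lines, the thresholds and the two-label registrable-domain rule are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample resolver log, one query per line: "<epoch> <client> <qname> <qtype>".
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.org A
1700000001 10.0.0.5 mail.example.org MX
1700000002 10.0.0.7 8a3f1c7e9b0d42a6f5e1c3.9d7b2e4f.c2.domain.com TXT
1700000003 10.0.0.7 b2e4c6a8d0f13579a1c3e5.1f3d5b79.c2.domain.com CNAME
1700000004 10.0.0.5 updates-download-mirror-west-01.example.org A
1700000005 10.0.0.7 0c1d2e3f4a5b6c7d8e9f0a.a2b4c6d8.c2.domain.com TXT
1700000006 10.0.0.7 f9e8d7c6b5a4938271605f.e1d2c3b4.c2.domain.com MX
1700000007 10.0.0.5 cdn.example.org A
"""

def shannon_entropy(s):
    """Bits per character; encoded payloads score near log2(alphabet size)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {ch: s.count(ch) for ch in set(s)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_name(qname):
    """Assumption: the registrable domain is the last two labels (no public-suffix lookup)."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def analyze(log, min_len=30, min_entropy=3.0, min_hits=3):
    """Aggregate per registrable domain; flag domains with repeated long, high-entropy subdomains."""
    stats = defaultdict(lambda: {"queries": 0, "suspicious": 0, "clients": set(), "qtypes": set()})
    for line in log.strip().splitlines():
        _ts, client, qname, qtype = line.split()
        sub, dom = split_name(qname)
        st = stats[dom]
        st["queries"] += 1
        st["clients"].add(client)
        st["qtypes"].add(qtype)
        # Tunnel data rides in the subdomain labels, so each query carries a long random-looking prefix.
        if len(sub) >= min_len and shannon_entropy(sub.replace(".", "")) >= min_entropy:
            st["suspicious"] += 1
    # One odd-looking name is noise; a stream of them to a single domain is the tunnel signature.
    return {dom: st for dom, st in stats.items() if st["suspicious"] >= min_hits}

if __name__ == "__main__":
    for dom, st in analyze(SAMPLE_LOG).items():
        print(f"{dom}: {st['suspicious']}/{st['queries']} suspicious queries, "
              f"types={sorted(st['qtypes'])}, clients={sorted(st['clients'])}")
```

The per-domain aggregation is what keeps a single long but legitimate hostname (the mirror name in the sample) from raising an alert on its own.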