Pages

Friday, 26 January 2018

Reverse_DNS_Shell

A python reverse shell that uses DNS as the c2 channel。

Description:

A Python Reverse Shell that uses DNS as the C2 channel.

Requires:

  • dnslib
  • dnspython
  • pycrypto

Gotchyas:

  • don't forget to change your HOST
  • don't forget to change your SECRET key
  • run server first

Moar Info:

http://lockboxx.blogspot.com/2015/01/python-reverse-dns-shell.html

from https://github.com/ahhh/Reverse_DNS_Shell
----------

Recently a friend needed a reverse shell during a pentest, but could only connect out using DNS. To solve this, T1 and I whipped together a killer DNS based reverse shell. The shell uses legitimate DNS requests and responses to encode commands and exfiltrated data, making the traffic look like just a bunch of funky DNS requests on the wire. (I recently discovered dnscat, after writing my tool.)

The victim shell queries a specific IP address (the reverse shell server) for a DNS TXT record with a specific sentinel value. The reverse shell server will then respond with a DNS TXT record of base64 encoded commands. The victim shell will run these commands, and send the output back to the reverse shell server (this time as DNS A record requests, for multiple domains which together make up the output of the commands run on the server). This process will repeat until the reverse shell server issues the "quit" command to the victim. Like our other python reverse shells, this is pretty easy to build down to a native executable.

The backdoor more or less works as described in the below video, but there are still some major short comings in our backdoor, which we will be updating over time。

from http://lockboxx.blogspot.de/2015/01/python-reverse-dns-shell.html

No comments:

Post a Comment