HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

DNSStager: hide and transfer your payload using DNS

Status
Not open for further replies.
itsMe

itsMe

*KillmeMories*
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
Joined
Jan 8, 2019
Messages
56,623
Solutions
2
Reputation
32
Reaction score
100,457
Points
2,313
Credits
32,750
‎6 Years of Service‎
 
76%
DNSStager-Help-768x311.png


What is DNSStager?

DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.

DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as AAAA or TXT records after splitting it into chunks and encoding the payload using different algorithms.

It can generate a custom agent written in C or GoLang that will resolve a sequence of domains, retrieve the payload, decode it and finally inject it into the memory based on any technique you want.

You can edit the code of the DNSStager agent as you wish, and build it using your own custom execution techniques.

The main goal of using DNSStager is to help red teamers/pentesters to deliver their payloads in the stealthy channel using DNS.

How does it work?

Based on your DNS resolution option, DNSStager will split your payload into chunks and save each chunk of the payload as a response for a subdomain.

For example, if you choose IPV6 as your option to retrieve the payload, the DNS response will be something like:

cloud-srv-1.test.mydnsserver.live. 300 IN AAAA 5648:31d2:6548:8b52:6048:8b52:1848:8b52

Where 5648:31d2:6548:8b52:6048:8b52:1848:8b52 is a part of your payload?

So, the agent will resolve some domains to retrieve the payload and then decode it and finally inject it into memory.

Currently, DNSStager only supports two records, AAAA and TXT. You can encode your payload using XOR for the AAAA record and by default, it will be encoded as base64 if you choose TXT record.

DNSStager key features:

DNSStager has some key features such as:

    Hide and Resolve your payload in IPV6 records.
    Hide and Resolve your payload in TXT records.
    XOR encoder to encode your payload.
    Base64 encoder to encode your payload (only for TXT records).
    Pure agent wrote in C with the ability to customise it.
    Pure agent wrote in GoLang with the ability to customise it.
    The ability to use sleep between each DNS request.
    AND MUCH MORE TO COME!

To see this hidden content, you must like this content.
 
Status
Not open for further replies.
Back
Top