- Joined
- Jan 8, 2019
- Messages
- 56,623
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,456
- Points
- 2,313
- Credits
- 32,750
6 Years of Service
76%
What is DNSStager?
DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.
DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as AAAA or TXT records after splitting it into chunks and encoding the payload using different algorithms.
It can generate a custom agent written in C or GoLang that will resolve a sequence of domains, retrieve the payload, decode it and finally inject it into the memory based on any technique you want.
You can edit the code of the DNSStager agent as you wish, and build it using your own custom execution techniques.
The main goal of using DNSStager is to help red teamers/pentesters to deliver their payloads in the stealthy channel using DNS.
DNSStager key features:
DNSStager has some key features such as:
Hide and Resolve your payload in IPV6 records.
Hide and Resolve your payload in TXT records.
XOR encoder to encode your payload.
Base64 encoder to encode your payload (only for TXT records).
Pure agent wrote in C with the ability to customise it.
Pure agent wrote in GoLang with the ability to customise it.
The ability to use sleep between each DNS request.
AND MUCH MORE TO COME!
Changelog v1.0
New features added such as:
The ability to generate DNSStager DLL agents.
C agent with enhanced OPSEC and performance.
Print the total number of DNS requests.
Fixed the following issues:
Dynamic shellcode size allocation instead of hardcoded value.
Remove unused variables inside the agent C code.
Also, general code enhancements were made.