Open rol227 opened 5 years ago
Yeah, your system DNS resolver is listening on port 53, probably working as a cache. You might be able to fix it by passing your public ip address to dnscat2 as an argument:
ruby dnscat2.rb --dns host=your.ip.address.goes.here,port=53,domain=yourdomain.org
Change your.ip.address.goes.here to your own ip, and yourdomain.org to your own domain, obviously. If you don't have a domain you're using, you can just leave out the domain= part.
Alternatively, you can stop the systemd-resolve service, though that may make it impossible to use other services.
Hope that helps!
On Mon, May 13, 2019 at 7:09 PM rol227 notifications@github.com wrote:
I'm on an AWS Lightsail Ubuntu 18.04 VPS. I've tried running ruby ./dnscat2.rb to get the dnscat2> prompt.
However, I keep getting the following errors:
Security policy changed: All connections must be encrypted
Traceback (most recent call last):
6: from ./dnscat2.rb:208:in "main"
5: from /root/dnscat2/server/tunnel_drivers/tunnel_drivers.rb:24:in "start"
4: from /root/dnscat2/server/tunnel_drivers/tunnel_drivers.rb:24:in "new"
3: from /root/dnscat2/server/tunnel_drivers/driver_dns.rb:251:in "initialize"
2: from /root/dnscat2/server/tunnel_drivers/driver_dns.rb:251:in "new"
1: from /root/dnscat2/server/libs/dnser.rb:828:in "initialize"
/root/dnscat2/server/libs/dnser.rb:828:in "bind": Address already in use - bind(2) for "0.0.0.0" port 53 (Errno::EADDRINUSE)
I've used netstat to see that I have a systemd-resolve process listening on port 53. However, I've tried editing the resolved.conf to DNSStubListener=no, and I still get the exact same errors. I've been wracking my brain trying to figure this out for the better part of a day, and I'm not sure what to do. Any ideas?
Thanks for getting back to me so quickly. You're correct in that if I use systemctl stop systemd-resolved then I can use ruby dnscat2.rb with zero problems and I get to the dnscat2> prompt (at the cost of my DNS resolver). Unfortunately, passing the IP address as an argument did not work.
However, I noticed that even if I switch my DNS resolver to something like dnsmasq, I still get a conflict. And it seems like it's pretty common for DNS resolvers to LISTEN on port 53.
I'm wondering if you know how you and/or other people are running both services simultaneously. Or am I completely missing something?
For me, I use a special VM or Linode instance or similar that's designed for this.
Hello,
I think I may misunderstand how the tool is working (all the tutorials seem to run it with the IP address, not with the domain) so please bear with me. I set up 3 VMs:
This setup is not working, that's why I'm assuming my understanding is wrong. I came here because I can't run the DNScat server and the BIND9 on the Ubuntu host, because they both try to bind on port 53 (which is how I ended up here).
So I guess I'm just looking for confirmation that my understanding is wrong at this point and to get a correct working example that involves a DNS server as well, not just running the client with the IP address where DNScat2 is running.
Thanks for all your work!
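Added example (not part of the original thread and not dnscat2's code): a small Ruby script that reproduces the bind conflict behind the Errno::EADDRINUSE error discussed above, using an unprivileged ephemeral UDP port instead of port 53. It assumes Linux; 127.0.0.53 is the address the systemd-resolved stub listener uses, 203.0.113.10 is a documentation-range address standing in for an IP that is not assigned to any local interface (for example a NAT-mapped public address), and the function names are hypothetical.

```ruby
require 'socket'

# Try to bind a UDP socket; return :ok or the name of the Errno class raised.
def try_bind(addr, port)
  sock = UDPSocket.new
  sock.bind(addr, port)
  :ok
rescue SystemCallError => e
  e.class.name
ensure
  sock&.close
end

def bind_conflict_demo
  # Stand-in for a local stub resolver: bound to one specific loopback
  # address, on an ephemeral port so no root and no real DNS is involved.
  stub = UDPSocket.new
  stub.bind('127.0.0.53', 0)
  port = stub.addr[1]

  results = {
    # The wildcard address overlaps every local address, so it collides.
    wildcard_while_stub_up: try_bind('0.0.0.0', port),
    # Same address and port as the stub: also a collision.
    same_addr:              try_bind('127.0.0.53', port),
    # A different local address on the same port does not overlap.
    other_local_addr:       try_bind('127.0.0.1', port),
    # An address the host does not own cannot be bound at all.
    non_local_addr:         try_bind('203.0.113.10', port)
  }

  # Once the stub is gone, the wildcard bind goes through.
  stub.close
  results[:wildcard_after_stub_closed] = try_bind('0.0.0.0', port)
  results
ensure
  stub.close if stub && !stub.closed?
end

p bind_conflict_demo if __FILE__ == $PROGRAM_NAME
```

To see which process holds the real port on a given host, `ss -ulpn` (run as root) lists UDP listeners with their owning process.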