iagox86 / dnscat2

BSD 3-Clause "New" or "Revised" License

Windows client terminating with "NOT IMPLEMENTED!" error #94

Open kursattuncel opened 8 years ago

kursattuncel commented 8 years ago

Hi,

As of version 0.05, Windows client terminated with message "NOT IMPLEMENTED!" while the server is running in authoritative DNS mode.

Attached is the screenshot of this operation.

dnscat2_error

iagox86 commented 8 years ago

Can you make sure that the client and server are the same version? That is, if you're using github for one, make sure you're using it for the other; if you're using a release for one, then use the release for the other.

Thanks!

On Thu, Mar 31, 2016 at 12:52 AM, Yusuf Kursat Tuncel < notifications@github.com> wrote:

Hi,

As of version 0.05, Windows client terminated with message "NOT IMPLEMENTED!" while the server is running in authoritative DNS mode.

Attached is the screenshot of this operation.

[image: dnscat2_error] https://cloud.githubusercontent.com/assets/5817179/14169054/6039f6f8-f72e-11e5-86f6-80cdeab2f644.png


dcnoren commented 8 years ago

Hi, I have the same issue. Same version numbers, tried every version from 4 to 7 and same issue. Linux server, Windows client.

iagox86 commented 8 years ago

Are the server and the client the same version as each other? That's the important part.

If they are, then something weird is happening.. the best way I can identify is with a pcap from dnscat2 itself with the --packet-trace option on both sides, as well as --firehose on the server (very noisy!) - I explain everything here:

https://github.com/iagox86/dnscat2/blob/master/doc/how_to_bug_report.md

Ron

On Mon, Jun 20, 2016 at 3:02 PM, David Noren notifications@github.com wrote:

Hi, I have the same issue. Same version numbers, tried every version from 4 to 7 and same issue. Linux server, Windows client.


dcnoren commented 8 years ago

Attached are some logs. Domain was renamed to "happy.space", but that is not the real one.

client.txt server.txt

(Edit: and yes, client/server are the same version. Just different platforms)

dcnoren commented 8 years ago

And one other note: each version works seamlessly between Ubuntu server and Ubuntu client. It's Win 8.1 and Win 2k12 that seem to have issues.

Example of working session(s) on Ubuntu:

sh (ip-10-50-0-159) 2> pwd
sh (ip-10-50-0-159) 2> /home/ubuntu

sh (ip-10-50-0-159) 2> ifconfig
sh (ip-10-50-0-159) 2> eth0      Link encap:Ethernet  HWaddr 12:37:a9:97:ff:69
          inet addr:10.50.0.159  Bcast:10.50.0.255  Mask:255.255.255.0
          inet6 addr: fe80::1037:a9ff:fe97:ff69/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:9001  Metric:1
          RX packets:753200 errors:0 dropped:0 overruns:0 frame:0
          TX packets:738022 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:286959364 (286.9 MB)  TX bytes:291876655 (291.8 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

sh (ip-10-50-0-159) 2>

dcnoren commented 8 years ago

Can provide additional logs if needed.

iagox86 commented 8 years ago

I'm wondering if there's something wrong with the Windows client I packaged, maybe. You're using the .zip from the site, not building it yourself, right?

I'm on vacation for the next two weeks, and don't really have access to a Windows environment. :(

Ron

On Mon, Jun 27, 2016 at 11:39 AM, David Noren notifications@github.com wrote:

Can provide additional logs if needed.


dcnoren commented 8 years ago

Correct, not building myself. I could try that route, although it was every version I had tried that said the same thing. Anyway, enjoy your vacation, don't deal with this while you're on it!

iagox86 commented 8 years ago

I usually do at least a bit of testing before I actually .zip the file, so I'm surprised this is a problem.

Can you try to disable encryption on the client and/or server? I think it's --no-encryption or something, but --help will tell you for sure. That's the most likely reason this is happening - pre-encryption versions trying to talk to a post-encryption version will run into that.

I should add a version number field going forward.. then I can at least give a good response. :)

Ron

On Mon, Jun 27, 2016 at 11:53 AM, David Noren notifications@github.com wrote:

Correct, not building myself. I could try that route, although it was every version I had tried that said the same thing. Anyway, enjoy your vacation, don't deal with this while you're on it!


dcnoren commented 8 years ago

Yep, tried that already.

dnscat2.exe --dns domain=happy.space --packet-trace --no-encryption

schu6689 commented 8 years ago

Hi Ron,

the problem occurs (for me) only when I don't have a direct access to the internet/dns. With a local M$ DomainServer handling the DNS I get the same errors as mentioned here. On my open-WLAN it's working without any problems. When using https://github.com/lukebaggett/dnscat2-powershell it works in both environments - so it seems to be a problem within your client. I tested only the compiled version from your site.

Hope that helps - Thanks for your great work.

murphydavis commented 8 years ago

Hey, I encountered this issue as well during use of dnscat with an authoritative dns server. The DNS servers on the client machine's network are Windows Server 2008, the client is OS X, and the server is Ubuntu. I attached the logs as you described in the bug reporting documentation. Hope this helps, let me know if there's anything else you could use. client-log.txt server-log.txt

D4rkGambit commented 2 years ago

Spent the day trouble-shooting this. This appears to be related to issue #132. If your DNS server is a Windows Domain Controller performing forwarding, A records and MX records cause the "NOT IMPLEMENTED" error. "NOT IMPLEMENTED" on latest Kali apt pull, and "NOT IMPLEMENTED IPv4" on latest Git. Yes, I tried both.

v0.07 (Client & Server)

3 work arounds:

1) Use CNAME or TXT (--dns domain=mydomain.com,type=TXT)

2) Set your DNS IP to a non-windows DNS server in your IP configuration (like 8.8.8.8 or 4.2.2.2)

Pretty sure this is what schu6689 stumbled on from his Wifi

3) Bypass the Windows Server performing DNS Forwarding with server option (--dns server=x.x.x.x,port=53)

I know these aren't fixes, but hope they help someone or the dev.

I have not tested with a non-Windows client (Linux).

zinzloun commented 8 months ago

@D4rkGambit same scenario, your workaround worked perfectly. Thanx F.