Intranet Tunnel Proxy Technology (23) DNS Tunnel Reverse Shell

DNS Tunnel Reverse Shell

DNS tunnel

DNS is a request/response protocol, and it can also serve as an application-layer tunneling channel. The working principle of a DNS tunnel is very simple. When a DNS query is made for a domain name that is not in the local DNS server's cache, the server goes out to the Internet to resolve it and then returns the result. If a custom-built authoritative server sits on the Internet, data packets can be exchanged over the DNS protocol alone. From the DNS protocol's point of view, such traffic is nothing more than repeated queries for particular domain names and their resolution results. The essential problem is that the expected result should be an IP address, whereas the returned result can in fact be any string, including encrypted C&C instructions.

When a DNS tunnel is used to communicate with the outside world, the host appears to have no connection to the external network (the internal network gateway does not forward its IP packets). In fact, the DNS server on the intranet performs the relay. That is how DNS tunneling works: put simply, it encapsulates other protocols inside the DNS protocol for transmission.
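The same mechanism seen from the resolver logs, as an added example that is not part of the original post: a tunnel has to push its data through the query names, so the relaying DNS server sees a stream of long, high-entropy, never-repeating subdomains under one domain. The log format, the sample lines and the thresholds below are constructed assumptions for illustration.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (assumed format "<client> <qtype> <qname>"); the
# tunnel-example.test queries imitate a tunnel carrying encoded data in the leftmost label.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.7 TXT kzq4v7x2mbn3t9wpe6hgc5ls.1.tunnel-example.test
10.0.0.7 TXT p8r2ytv6zbc3mxd4nfa7qs9w.2.tunnel-example.test
10.0.0.7 TXT w3e5r7t9yuiopasdfghjklzx.3.tunnel-example.test
10.0.0.7 TXT c1v2b3n4m5a6s7d8f9gh0jkl.4.tunnel-example.test
10.0.0.5 A cdn.example.com
10.0.0.9 A static.cdn-provider.example
"""

def shannon_entropy(text):
    """Bits per character; encoded payload labels score far higher than dictionary words."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def profile_queries(log_text):
    """Group queries by registered domain and collect per-domain tunnel indicators."""
    profiles = defaultdict(lambda: {"queries": 0, "txt": 0, "subdomains": set(), "max_label": 0, "entropy_sum": 0.0})
    for line in log_text.strip().splitlines():
        _client, qtype, qname = line.split()
        labels = qname.rstrip(".").split(".")
        dom = ".".join(labels[-2:])  # assumption: last two labels are the registered domain (no PSL lookup)
        sub_labels = labels[:-2]
        p = profiles[dom]
        p["queries"] += 1
        p["txt"] += qtype.upper() == "TXT"  # tunnels favour TXT/NULL answers, which carry arbitrary strings
        p["subdomains"].add(".".join(sub_labels))
        longest = max(sub_labels, key=len, default="")
        p["max_label"] = max(p["max_label"], len(longest))
        p["entropy_sum"] += shannon_entropy(longest)
    return profiles

def suspicious_domains(log_text, min_unique=3, min_label=20, min_entropy=3.5):
    """Flag domains that receive many unique, long, high-entropy subdomains: a tunnel's footprint."""
    flagged = []
    for dom, p in profile_queries(log_text).items():
        if len(p["subdomains"]) >= min_unique and p["max_label"] >= min_label and p["entropy_sum"] / p["queries"] >= min_entropy:
            flagged.append(dom)
    return sorted(flagged)
```

Run against a real resolver's query log, the same profile also exposes the volume side: a domain with thousands of unique names per hour and an unusually high TXT share stands out even when individual labels are kept short.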

Using DNS for command control (DNS-Shell)

DNS-Shell is a powerful tool that provides an interactive shell over a DNS channel. Its server side is written in Python and can run on any operating system platform with a Python environment installed. The payload the tool uses is an encoded PowerShell command, which ensures stability and compatibility across different platforms.

[Figure: DNS-Shell running]


Source: blog.csdn.net/qq_64973687/article/details/132793367