DNS-Shell is an interactive shell over a DNS channel. The server is Python based and can run on any operating system that has Python installed; the payload is an encoded PowerShell command. Think of this as an Empire agent payload or a Metasploit payload, but carried over DNS.
The payload, generated when the server script is invoked, uses the nslookup command to perform queries and poll the server for new commands. The server itself listens on port 53 for incoming communications. Once the payload is executed on the target machine (via a vulnerability such as Remote Command Execution), the server will spawn an interactive shell.
Once the channel is established, the payload will query the server for commands; if a new command has been entered, the payload executes it and returns the result to the server.
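From the defender's side, the traffic pattern described above (one client repeatedly resolving long, encoded labels under a single domain) is what a DNS-channel shell looks like in resolver logs. The following is an added example, not part of DNS-Shell, of a small Python heuristic over constructed query-log lines; the log format, thresholds and sample values are assumptions.

```python
import math
import re
from collections import defaultdict

# Constructed sample resolver log, one "client qtype qname" per line (not real traffic).
# The 10.0.0.7 entries mimic hex-encoded data labels under a single base domain.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 AAAA mail.example.com
10.0.0.7 TXT 6c732d6c61202f746d70.c2.example.net
10.0.0.7 TXT 77686f616d69202f616c6c.c2.example.net
10.0.0.9 A static-assets-prod.example.org
10.0.0.7 TXT 6970636f6e666967202f616c6c.c2.example.net
10.0.0.7 TXT 6e65742075736572.c2.example.net
10.0.0.9 A cdn.example.org
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def base_domain(qname: str) -> str:
    """Last two labels of the name (heuristic; a real deployment would use a public-suffix list)."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])

def looks_encoded(qname: str, min_len: int = 16, min_entropy: float = 2.5) -> bool:
    """True when the leftmost label is long and high-entropy, as encoded payload data tends to be.
    On its own this fires on some benign names too, so it is only a per-query signal."""
    first = qname.split(".")[0]
    return len(first) >= min_len and shannon_entropy(first) >= min_entropy

def suspicious_pairs(log_text: str, threshold: int = 3) -> dict:
    """Return {(client, base_domain): count} for pairs with at least `threshold`
    encoded-looking queries; the volume threshold is what filters single benign hits."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash on them
        client, _qtype, qname = m.groups()
        if looks_encoded(qname):
            counts[(client, base_domain(qname))] += 1
    return {k: v for k, v in counts.items() if v >= threshold}
```

Tune the label length, entropy and volume thresholds against your own resolver's baseline; CDN and cloud hostnames commonly trip the per-query check alone, as the static-assets line shows.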
Running DNS-Shell is relatively simple.
DNS-Shell supports two modes of operation: direct and recursive.
- Perform a git clone from our GitHub page
- DNS-Shell direct mode: sudo python DNS-Shell.py -l -d [Server IP]
- DNS-Shell recursive mode: sudo python DNS-Shell.py -l -r [Domain]
DNS-Shell In Action
The following video shows how DNS-Shell can be run. If you have any questions about using DNS-Shell, drop us an email.