From 81c6d8bc2182fdbce8aec2ee226a79e33890db2f Mon Sep 17 00:00:00 2001 From: Simon Moser Date: Sun, 6 Feb 2022 17:57:33 +0100 Subject: [PATCH] Minimal working examples added, README and LICENSE adjusted --- LICENSE | 2 +- README.md | 19 +++++++++--------- client.ps1 | 57 ++++++++++++++++++++++++------------------------------ client.sh | 6 ++++++ server.py | 2 +- 5 files changed, 43 insertions(+), 43 deletions(-) diff --git a/LICENSE b/LICENSE index 791b244..c11bc79 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2016 Pen Test Partners +Copyright (c) 2022 Simon Moser Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 2f23c5f..3844b8f 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,17 @@ -# Uninvited-Guest -Uninvited Guest - A file server for files over DNS TXT records +# DNS File-Transfer +A file server for files over DNS TXT records +## Requirements on server +- *Python3* +- *dnslib:* e.g. `pip3 install dnslib` + +## Usage First set up your domain to point to which ever server you're hosting this on. -Then run the python server +Then run the python server: -./server --domain domainname.com --directory /dir/of/tools +`./server.py --domain domainname.com --directory /dir/of/tools` It will only support a flat directory structure in /dir/of/tools -You will need to write your own client to receive files. The count of items will be in file.count.domainname.com and the strings will be in file.number.domainname.com. - -An example bash client would be something like: - -f="pwned.png";d="6-9.eu";c=$(dig +short txt $f.count.$d|tr -d \");for i in $(seq 0 $c);do echo -n $(dig +short txt $f.$i.$d|tr -d \");done | base64 -d > /tmp/pwned.png +Strongly based on [Uninvited Guest by Pen Test Partners](https://github.com/pentestpartners/Uninvited-Guest) \ No newline at end of file 
diff --git a/client.ps1 b/client.ps1 index 5c23776..0a1d1f6 100644 --- a/client.ps1 +++ b/client.ps1 @@ -1,10 +1,8 @@ # Simple Powershell client, also runs on linux with Powershell Core Function Get-DnsTxt { - [CmdletBinding()] param( - [string] $Domain - ) + [CmdletBinding()] param([string] $Domain) Try { - return (Resolve-DnsName -Type TXT $Domain | Select-Object Strings | Format-Table -HideTableHeaders | Out-String -Width 1000).Replace("{", "").Replace("}", "").Trim() + return (Resolve-DnsName -Type TXT $Domain).Strings } Catch [System.Management.Automation.CommandNotFoundException] { return dig +short $Domain TXT } @@ -13,27 +11,14 @@ Function Get-DnsTxt { Function Get-DnsFile { [CmdletBinding()] param( [string] $FileName = $(Read-Host -Prompt 'Enter a FileName'), - [string] $DnsName = $(Read-Host -Prompt 'Enter a DnsName'), - [switch] $Execute, - [switch] $Write, - [string] $OutPath + [string] $DnsName = $(Read-Host -Prompt 'Enter a DnsName') ) $count = [int](Get-DnsTxt -Domain "$FileName.count.$DnsName") $file_base64 = "" For ($i=0; $i -le $count; $i++) { $file_base64 += (Get-DnsTxt -Domain "$FileName.$i.$DnsName") } - "Base64 $file_base64" - $file_string = [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String($file_base64)) - "String $file_string" - If ($Execute.IsPresent) { - $file_string | Invoke-Expression - } Else { - $file_string | Out-String - } - If ($Write.IsPresent) { - $file_string | Out-File -FilePath ($OutPath, $FileName)[!$OutPath] - } + [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String($file_base64)) } Function Push-DNSFile { 
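Review bot: The two branches of Get-DnsTxt now return differently shaped values. The new `(Resolve-DnsName -Type TXT $Domain).Strings` line yields the bare TXT strings, while the `dig +short` fallback in the Catch block still returns them wrapped in double quotes. client.sh strips those quotes with `tr -d \"`, so the fallback likely needs the same, e.g. `return (dig +short $Domain TXT) -replace '"', ''`; otherwise the `[int]` cast of the count in Get-DnsFile would fail on that path. `.Strings` also enumerates every record in the answer, so a response carrying more than one TXT record is concatenated in whatever order the answer lists them. The function's closing brace appears to lie outside this hunk.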
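Review bot: `$count` in Get-DnsFile is taken straight from a TXT answer and used as the loop bound with no validation. DNS answers are unauthenticated unless DNSSEC is validated, so a spoofed or faulty response can make the `[int]` cast throw, or drive an arbitrarily long run of queries while `$file_base64` grows without limit. A guard before the loop such as `if ($count -lt 0 -or $count -gt $MaxChunks) { throw "Unexpected chunk count: $count" }` would bound that, where `$MaxChunks` is a new parameter (the name is a suggestion, not something in the file). The decoded text is also returned with no integrity check, and `Utf8.GetString` will not round-trip non-text files; comparing a hash obtained over a separate channel before the output is used would cover the first. The same points apply to the `MWE` function added in the third client.ps1 hunk.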
@@ -41,22 +26,30 @@ Function Push-DNSFile { [string] $FileName = $(Read-Host -Prompt 'Enter a Filename'), [string] $DnsName = $(Read-Host -Prompt 'Enter a DnsName') ) - $id = (Get-FileHash $FileName | Select-Object Hash | Format-Table -HideTableHeaders | Out-String).Trim() - $id = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($id)).Substring(0,6) - $content_binary = Get-Content -Path $FileName -Encoding utf8 - $content_base64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($content_binary)) + $id = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes((Get-FileHash $FileName).Hash)).Substring(0,6) + $content = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes((Get-Content -Path $FileName))) $i = 0 - While ($content_base64) { - $url = "."+$i+"-"+$id+"u."+$DnsName + While ($true) { + $url = ".$i-${id}u.$DnsName" $len = 63 - $url.Length - if($len -le $content_base64.Length) { - $content_part = $content_base64.Substring(0, $len) - $content_base64 = $content_base64.Substring($len) + $i++ + if($len -lt $content.Length) { + Get-DnsTxt -Domain ($content.Substring(0, $len) + $url) + $content = $content.Substring($len) } else { - $content_part = $content_base64 - $content_base64 = $false + Get-DnsTxt -Domain ($content + $url) + break } - Get-DnsTxt -Domain ($content_part + $url) - $i++ } } + +# Minimal working example for download in case you have to type it all manually +Function MWE { + param([string] $f, [string] $d) + $c = [int]((Resolve-DnsName -Type TXT "$f.count.$d").Strings) + $o = "" + For ($i=0; $i -le $c; $i++) { + $o += (Resolve-DnsName -Type TXT "$f.$i.$d").Strings + } + [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String($o)) +} diff --git a/client.sh b/client.sh index 5d8974d..49d18c4 100755 --- a/client.sh +++ b/client.sh 
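Review bot: In Push-DNSFile the `$id` and the `$content` are derived from different byte sequences. `Get-FileHash $FileName` hashes the raw file, but `Get-Content -Path $FileName` without `-Raw` returns one string per line, so the line terminators are gone before the text is encoded, and the explicit `-Encoding utf8` was dropped. A receiver therefore cannot use the id to check what it reassembled, and any file that is not single-line text changes in transit. Reading the bytes once with `$bytes = [IO.File]::ReadAllBytes((Resolve-Path $FileName).Path)`, followed by `$content = [Convert]::ToBase64String($bytes)`, keeps the two consistent. The id is also only the first six base64 characters of the hex digest, which is too short to serve as an integrity check.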
@@ -20,3 +20,9 @@ else fi done fi + +# Minimal working example for download in case you have to type it all manually +mwe() { + f=$1; s=$2; c=$(dig +short txt "$f".count."$s"|tr -d \") + for i in $(seq 0 "$c"); do echo -n "$(dig +short txt "$f"."$i"."$s"|tr -d \")"; done | base64 -d > "$f" +} \ No newline at end of file diff --git a/server.py b/server.py index 0711587..1a467de 100755 --- a/server.py +++ b/server.py @@ -1,4 +1,4 @@ -#!/usr/bin/env /usr/bin/python +#!/usr/bin/env /usr/bin/python3 # -*- coding: utf-8 -*- """
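Review bot: `mwe()` pipes whatever the lookups return straight into `base64 -d > "$f"`, so a failed, truncated or spoofed answer leaves a file under the requested name with nothing to tell it apart from a good download. The count `c` is passed to `seq` unchecked; a guard such as `case "$c" in ''|*[!0-9]*) return 1;; esac` would stop on an empty or non-numeric answer. Writing to a temporary file, and moving it into place only after it matches a checksum obtained over a separate channel, would cover the content. The variables `f`, `s`, `c` and `i` are also global once the script is sourced; `local f s c i` keeps them inside the function if the script's shell supports it.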