DNS Tunnel Keylogger – A Combative Post-Exploitation Tool For Pentesters

A new keylogging server and client tool has recently appeared on GitHub, and it is genuinely useful for pen testers. Its distinguishing feature is that it uses DNS tunneling to transmit keystrokes. The tool was designed to let pen testers carry out post-exploitation activities.

Notably, the tool focuses on lightweight exfiltration, which reduces the chance of being spotted by security systems. The server component is written in Python 3, and its dependencies are installed via pip.

By default the server listens on UDP port 53, but a different port can be specified with the -p flag. The server's IP address can be used in SOA and NS records so that other nameservers are able to locate it.

The instructions therefore cover setting the nameserver of your domain and pointing it at the exfiltration server's IP address, which may require setting glue records. In short, DNS tunneling is a technique that encodes the data of other programs or protocols inside DNS traffic.

DNS tunneling is therefore a useful method for extracting post-exploitation data, and it can get past many firewall restrictions. Let's see how. Here are a few key points to review before starting:

  • Familiarity with DNS and networking concepts
  • Awareness of Python and Bash scripting
  • Python 3 installed on the server
  • A suitable Linux system for the keylogger client
  • The two Linux keylogger bash scripts on the client side: the connection.sh script and the logger.sh script

You may not know that the keylogger can be started silently, and you need not worry about losing the ability to return to a non-keylogger state. The developers note that the keylogger will not run in interactive shells. The server can also be configured so that repetitive and duplicate packets are avoided.
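The encoded subdomain labels that DNS tunneling relies on are also what a defender looks for in resolver logs. The detector below is an added example, not code from the tool or this article; it assumes a constructed "<client> <qtype> <qname>" log format and flags a client that repeatedly sends long, high-entropy labels under one registered domain.

```python
import math
from collections import defaultdict

# Constructed sample of resolver log lines in a hypothetical "<client> <qtype> <qname>" format.
# The long hex labels imitate a tunnelling client: each data chunk becomes a subdomain label.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A cdn.example.com
10.0.0.7 TXT 4d7a5e9f1c2b3a4d5e6f7a8b9c0d1e2f3a4b5c6d.exfil.example.net
10.0.0.7 TXT 9b8a7c6d5e4f3a2b1c0d9e8f7a6b5c4d3e2f1a0b.exfil.example.net
10.0.0.7 TXT 0f1e2d3c4b5a69788796a5b4c3d2e1f0a1b2c3d4.exfil.example.net
10.0.0.5 AAAA mail.example.com
"""

def shannon_entropy(text: str) -> float:
    """Bits per character: encoded data scores far higher than a hostname like 'www'."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_domain(qname: str) -> str:
    """Last two labels (naive; use a public-suffix list in production)."""
    return ".".join(qname.split(".")[-2:])

def label_is_suspicious(label: str, max_len: int = 30, min_entropy: float = 3.5) -> bool:
    """A first label that is both long and high-entropy looks like an encoded data chunk."""
    return len(label) > max_len and shannon_entropy(label) >= min_entropy

def analyze_dns_log(log_text: str, min_suspicious: int = 3) -> dict:
    """Group queries by (client, registered domain); flag groups with repeated encoded labels."""
    groups = defaultdict(lambda: {"queries": 0, "suspicious": 0, "flagged": False})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _qtype, qname = parts
        qname = qname.lower().rstrip(".")
        stats = groups[(client, registered_domain(qname))]
        stats["queries"] += 1
        if label_is_suspicious(qname.split(".")[0]):
            stats["suspicious"] += 1
        stats["flagged"] = stats["suspicious"] >= min_suspicious
    return dict(groups)
```

Thresholds are starting points; tune the label length, entropy and count limits against your own baseline traffic, since CDNs and some security products also emit long labels.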

DNS Tunnel Keylogger – Server Setup

Step 1: Clone the Repository

First, clone the DNS-Tunnel-Keylogger repository from GitHub:

Step 2: Install Dependencies

Next, change into the cloned directory and install the required Python dependencies:

Step 3: Start the Server

To start the server, run the command below:

Server Options:

Client Setup (Linux Keylogger)

Step 1: Prepare the Scripts

First, make sure that logger.sh and connection.sh are in the same directory. These scripts capture keystrokes and send them to the server.

Step 2: Start the Keylogger

Run the following commands to start the keylogger:

Keylogger Options:

A Few More Key Details

Sending Data Manually

If you want to send data manually, for example a file, pipe the data into the connection.sh script. The script establishes the connection and sends the data.

Security Considerations

Using a keylogger and DNS tunneling without authorization can be considered malicious, and it is also illegal in many jurisdictions. So make sure that you use these tools only in your own environment, and that your use complies with all relevant laws and ethical guidelines.

Troubleshooting Steps

  • Remove the &> /dev/null from the keylogger command if you want to see error messages
  • Verify the firewall settings of the server
  • Make sure that the DNS port is open for both incoming and outgoing connections
  • Check that the domain you are using is properly configured
  • Ensure that the server you are using is fully authoritative for the domain

Conclusion

Hopefully, after going through this guide, you know the steps to set up a DNS tunneling keylogger and understand how keystroke exfiltration over DNS works. The most important thing to keep in mind is that you must use this tool within the applicable rules and regulations.
