dns2tcpc − A tunneling tool that encapsulate TCP traffic over DNS.
dns2tcpc [ −h ] [ −c ] [ −z domain zone ] [ −d debug_level ] [ −r resource ] [ −k key ] [ −f config_file ] [ −e command ] [ −T request type ] [ −l local_port ] [ server ]
dns2tcpc is a network tool used to encapsulate TCP communications in DNS. When connections are received on a specific port all TCP traffic is sent to the remote dns2tcpd server and forwarded to a specific host and port. Multiple connections are supported.
dns2tcpc was written for demonstration purposes.
-h |
Help Menu |
||
-c |
Enable DNS compression. When used, be sure that all relay and DNS server support compression and really use it. |
−z domain zone
Use this domain as endpoint.
−d debug level
Change debug level. Levels available are 1, 2 or 3.
−r resource
Remote resource to access.
−k key |
Pre shared key used for authentication (identification). |
−f config file
Configuration file to use.
−T request type
Request type to use. Actually only KEY and TXT requests are supported.
−e command
Command to execute, I/O are redirected in the tunnel.
−l local_port
Local port accepting incomming connections (or - for stdin on UNIX systems).
−t connection timeout
Maximum DNS server’s answer delay in seconds. A valid delay is between 1 and 240 seconds. Default is 3.
server |
DNS server to use. The first entry in resolv.conf file will be choosen if the server is not specified. |
By default ${HOME}/.dns2tcprc is used if no configuration file is specified. Here is an example :
domain = dns2tcp.hsc.fr
resource = ssltunnel
local_port = 4430
enable_compression = 0
debug_level = 1
key = mykey
# DNS to use
server = ns.hsc.fr
dns2tcpc -k mykey -z dns2tcp.hsc.fr mydns
Ask the dns2tcp server to list available resources.
ssh -o ’ProxyCommand dns2tcpc -r ssh -l - -z dns2tcp.hsc.fr -k mykey
mydns’ myserver
Use dns2tcp as a proxy command with ssh. We try to connect to the ssh resource with the key ’mykey’ and the DNS mydns.
dns2tcpc -r socat-resource -e ’/bin/bash -i’ -k mykey -z dns2tcp.hsc.fr
mydns
Use dns2tcp as a reverse shell, the remote shell will appear on the socat-resource.
dns2tcpc -d 1 -f /dev/null -r ssl-tunnel -l 2000 -k mykey -T KEY -z
dns2tcp.hsc.fr mydns
Do not use the default configuration file, bind local port 2000 and forward all the traffic on the remote ssl-tunnel resource, use the first debug level. Use KEY type DNS requests.
Olivier Dembour <olivier DOT dembour AT hsc DOT fr>
ssltunnel