VSploit DNS Beaconing Emulation - Metasploit
This page contains detailed information about how to use the auxiliary/vsploit/malware/dns/dns_query Metasploit module. For a list of all Metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: VSploit DNS Beaconing Emulation
Module: auxiliary/vsploit/malware/dns/dns_query
Source code: modules/auxiliary/vsploit/malware/dns/dns_query.rb
Disclosure date: -
Last modification time: 2017-07-24 06:26:21 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): -
List of CVEs: -
This module takes a list and emulates malicious DNS beaconing.
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Basic Usage
msf > use auxiliary/vsploit/malware/dns/dns_query
msf auxiliary(dns_query) > show targets
... a list of targets ...
msf auxiliary(dns_query) > set TARGET target-id
msf auxiliary(dns_query) > show options
... show and set options ...
msf auxiliary(dns_query) > exploit
Required Options
- DOMAINS: Separate Domains by whitespace
Msfconsole Usage
Here is how the vsploit/malware/dns/dns_query auxiliary module looks in the msfconsole:
msf6 > use auxiliary/vsploit/malware/dns/dns_query
msf6 auxiliary(vsploit/malware/dns/dns_query) > show info
Name: VSploit DNS Beaconing Emulation
Module: auxiliary/vsploit/malware/dns/dns_query
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
MJC
Check supported:
No
Basic options:
Name        Current Setting  Required  Description
----        ---------------  --------  -----------
COUNT       2                no        Number of intervals to loop
DELAY       3                no        Delay in seconds between intervals
DNS_SERVER                   no        Specifies a DNS Server
DOMAINS                      yes       Separate Domains by whitespace
Description:
This module takes a list and emulates malicious DNS beaconing.
Module Options
This is a complete list of options available in the vsploit/malware/dns/dns_query auxiliary module:
msf6 auxiliary(vsploit/malware/dns/dns_query) > show options
Module options (auxiliary/vsploit/malware/dns/dns_query):
Name        Current Setting  Required  Description
----        ---------------  --------  -----------
COUNT       2                no        Number of intervals to loop
DELAY       3                no        Delay in seconds between intervals
DNS_SERVER                   no        Specifies a DNS Server
DOMAINS                      yes       Separate Domains by whitespace
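From a detection standpoint, these options produce a simple pattern: each name in DOMAINS is queried once per interval, COUNT times, DELAY seconds apart. The following added example (not part of the module or of the original page) flags that fixed-interval pattern in a resolver query log. The log format, the sample lines, the thresholds and the names parse_queries and beacon_candidates are assumptions made for illustration.

```ruby
# Constructed resolver query log: "<date> <time> <client> <qtype> <qname>".
# The log format, addresses and names are assumptions made for this example.
SAMPLE_LOG = <<~LOG
  2024-01-01 12:00:00 10.0.0.5 A beacon.example.test
  2024-01-01 12:00:02 10.0.0.7 A www.example.test
  2024-01-01 12:00:03 10.0.0.5 A beacon.example.test
  2024-01-01 12:00:06 10.0.0.5 A beacon.example.test
  2024-01-01 12:00:09 10.0.0.5 A beacon.example.test
  2024-01-01 12:00:10 10.0.0.7 A www.example.test
  2024-01-01 12:00:47 10.0.0.7 A www.example.test
  2024-01-01 12:03:30 10.0.0.7 A www.example.test
  this line is malformed and must be skipped
LOG

LINE_RE = /\A(\d{4})-(\d\d)-(\d\d) (\d\d):(\d\d):(\d\d) (\S+) A (\S+)\z/

# Group A-query timestamps by [client, normalized qname]; skip unparsable lines.
def parse_queries(text)
  text.each_line.with_object(Hash.new { |h, k| h[k] = [] }) do |line, seen|
    m = LINE_RE.match(line.strip) or next
    seen[[m[7], m[8].downcase.chomp('.')]] << Time.utc(*m[1..6].map(&:to_i))
  end
end

# Flag client/name pairs queried at near-constant intervals. Jitter is the
# coefficient of variation (stddev / mean) of the gaps between queries.
def beacon_candidates(text, min_queries: 4, max_jitter: 0.2)
  parse_queries(text).filter_map do |(client, qname), times|
    next if times.size < min_queries # too few samples to judge periodicity
    gaps = times.sort.each_cons(2).map { |a, b| b - a }
    mean = gaps.sum / gaps.size
    next if mean.zero?               # identical timestamps, not a beacon
    stddev = Math.sqrt(gaps.sum { |g| (g - mean)**2 } / gaps.size)
    jitter = stddev / mean
    next if jitter > max_jitter
    { client: client, qname: qname, queries: times.size,
      interval: mean.round(2), jitter: jitter.round(3) }
  end
end

beacon_candidates(SAMPLE_LOG).each do |hit|
  puts format('%<client>s -> %<qname>s: %<queries>d queries, ~%<interval>.1fs apart, jitter %<jitter>.3f', hit)
end
```

A test run with the default COUNT of 2 gives only two queries per domain, which is below min_queries here. When using the module to validate an interval-based rule, set COUNT to at least the rule's minimum sample size.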
Advanced Options
Here is a complete list of advanced options supported by the vsploit/malware/dns/dns_query auxiliary module:
msf6 auxiliary(vsploit/malware/dns/dns_query) > show advanced
Module advanced options (auxiliary/vsploit/malware/dns/dns_query):
Name       Current Setting  Required  Description
----       ---------------  --------  -----------
VERBOSE    false            no        Enable detailed status messages
WORKSPACE                   no        Specify the workspace for this module
Auxiliary Actions
This is a list of all auxiliary actions that the vsploit/malware/dns/dns_query module can do:
msf6 auxiliary(vsploit/malware/dns/dns_query) > show actions
Auxiliary actions:
Name Description
---- -----------
Evasion Options
Here is the full list of possible evasion options supported by the vsploit/malware/dns/dns_query auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):
msf6 auxiliary(vsploit/malware/dns/dns_query) > show evasion
Module evasion options:
Name Current Setting Required Description
---- --------------- -------- -----------
Error Messages
This module may fail with the following error message.
Check for possible causes in the code snippet below, taken from the module source code. This can often help in identifying the root cause of the problem.
<TIME> - <NAME> => No Record Found
Here is a relevant code snippet related to the "<TIME> - <NAME> => No Record Found" error message:
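  query = @res.query(name, "A")  # send an A-record query for this name
  time = Time.new
  time = time.strftime("%Y-%m-%d %H:%M:%S")
  print_status("#{time} - DNS Query sent for => #{name}")
  if query.answer.length == 0
    # The response carried no answer records
    print_error("#{time} - #{name} => No Record Found")
  else
    # Print the last whitespace/comma-separated field of the first answer record
    a = query.answer[0].to_s.split(/[\s,]+/)
    print_status("#{time} - #{name} => #{a[-1]}")
  end
end  # closes the enclosing block, whose opening line is not part of this excerpt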
Related Pull Requests
- #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
- #6655 Merged Pull Request: use MetasploitModule as a class name
- #6648 Merged Pull Request: Change metasploit class names
- #2525 Merged Pull Request: Change module boilerplate
- #1228 Merged Pull Request: MSFTIDY cleanup #1 - auxiliary
See Also
Check also the following modules related to this module:
- auxiliary/vsploit/malware/dns/dns_mariposa
- auxiliary/vsploit/malware/dns/dns_zeus
- auxiliary/vsploit/pii/email_pii
- auxiliary/vsploit/pii/web_pii
- auxiliary/fuzzers/dns/dns_fuzzer
- auxiliary/scanner/dns/dns_amp
- payload/cmd/windows/powershell/dns_txt_query_exec
- payload/windows/dns_txt_query_exec
- post/linux/manage/dns_spoofing
- post/multi/gather/dns_bruteforce
- post/multi/gather/dns_reverse_lookup
- post/multi/gather/dns_srv_lookup
- auxiliary/admin/dns/dyn_dns_update
- auxiliary/dos/dns/bind_tkey
- auxiliary/dos/dns/bind_tsig
- auxiliary/dos/dns/bind_tsig_badtime
- auxiliary/server/dns/native_server
- auxiliary/server/dns/spoofhelper
- auxiliary/spoof/dns/bailiwicked_domain
- auxiliary/spoof/dns/bailiwicked_host
- auxiliary/spoof/dns/compare_results
- auxiliary/spoof/dns/native_spoofer
- auxiliary/dos/mdns/avahi_portzero
- auxiliary/dos/windows/llmnr/ms11_030_dnsapi
- auxiliary/gather/enum_dns
- auxiliary/scanner/mdns/query
- auxiliary/server/fakedns
- auxiliary/spoof/mdns/mdns_response
- auxiliary/gather/ldap_query
- auxiliary/scanner/http/blind_sql_query
- auxiliary/scanner/llmnr/query
- auxiliary/scanner/wsdd/wsdd_query
- auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow
- exploit/multi/browser/firefox_queryinterface
- exploit/multi/http/phpldapadmin_query_engine
- exploit/windows/isapi/w3who_query
- post/multi/manage/dbvis_query
Authors
MJC
Version
This page has been produced using Metasploit Framework version 6.2.9-dev. For more modules, visit the Metasploit Module Library.