diff --git a/AUTHORS b/AUTHORS index e24c5b2..a4f96e8 100644 --- a/AUTHORS +++ b/AUTHORS @@ -2,3 +2,4 @@ Olivier Dembour Contributors : Nicolas Collignon +@kirik_wow (kirillwow) diff --git a/README b/README deleted file mode 100644 index 82225bb..0000000 --- a/README +++ /dev/null @@ -1,72 +0,0 @@ - ----------- [ Note ] ---------- - -Dns2tcp is a tool for relaying TCP connections over DNS. There is only -a simple identification mecanism but no encryption : DNS encapsulation -must be considered as an unsecure and anonymous transport -layer. Resources should be public external services like ssh, -ssltunnel ... - - -----------[ Examples ]---------- - - -Client: ------- - - -View list of available connection. - - $ dns2tcpc -z dns2tcp.hsc.fr -k - Available connection(s) : - ssh-gw - ssh6-home - ssl-tunnel - $ - -Line based connection to a remote ssl-tunnel host : - - $ dns2tcpc -r ssl-tunnel -l 4430 -k -z dns2tcp._hsc.fr - listening on port 4430 - ... - -File configuration : - - $ cat > ~/.dns2tcprc << EOF - - domain = dns2tcp.hsc.fr - resource = ssl-tunnel - local_port = 4430 - debug_level = 1 - key = whateveryouwant - server = the_dns_server # or scan /etc/resolv.conf - EOF - $ dns2tcpc - - -Server : -------- - -File configuration : - - - $ cat > ~/.dns2tcpdrc << EOF - - listen = x.x.x.x - port = 53 - user = nobody - key = whateveryouwant - chroot = /var/empty/dns2tcp/ - domain = dns2tcp.hsc.fr - resources = ssh:127.0.0.1:22 , smtp:127.0.0.1:25, - pop3:10.0.0.1:110, ssh2:[fe80::1664]:22 - - EOF - $ ./dns2tcpd -F -d 1 - - -----------[ Known Bugs ]---------- - -DNS desynchronisation -dns2tcpd server not supported on Windows - diff --git a/README.md b/README.md index 705e354..540fa42 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,28 @@ # Note -Dns2tcp is a tool for relaying TCP connections over DNS. There is only +Dns2tcp is a tool for TCP port forwarding over DNS. There is only a simple identification mecanism but no encryption : DNS encapsulation must be considered as an unsecure and anonymous transport -layer. Resources should be public external services like ssh, -ssltunnel ... +layer. It works similar to plink -L/-R options. +It is based on old version of dns2tcp at https://github.com/alex-sector/dns2tcp +with addition of port forwarding feature, bug fix and moving from b64 to b32. + +## How to build + +### Linux + + $ ./configure + $ make + $ ./server/dns2tcpd + $ ./client/dns2tcpc + + +### Windows + + $ cd dns2tcp/client + $ "C:\Program Files\mingw-w64\x86_64-8.1.0-win32-seh-rt_v6-rev0\mingw64\bin\gcc.exe" -I ..\common\includes -I includes *.c ..\common\*.c -l ws2_32 -l iphlpapi -o dns2tcpc.exe + $ dns2tcpc.exe ## Examples @@ -14,59 +31,47 @@ ssltunnel ... ### Client: -View list of available connection. -```sh - $ dns2tcpc -z dns2tcp.hsc.fr -k - Available connection(s) : - ssh-gw - ssh6-home - ssl-tunnel - $ -``` -Line based connection to a remote ssl-tunnel host : +Local port forwarding, for example to run meterpreter over DNS tunnel. +Listens to port 4444 on client side and forwards all connections to x.x.x.x:443 : ```sh - $ dns2tcpc -r ssl-tunnel -l 4430 -k -z dns2tcp._hsc.fr - listening on port 4430 + $ dns2tcpc.exe -z mydomain.com -k secretkey -t 3 -L 4444:x.x.x.x:443 + listening on port 4444 ... ``` -File configuration : + + +Remote port forwarding, for example to make client SMB shares available to remote side. +Opens port 1500 for listening on server side and forwards all connections from remote to 127.0.0.1:445 : ```sh - $ cat > ~/.dns2tcprc << EOF - - domain = dns2tcp.hsc.fr - resource = ssl-tunnel - local_port = 4430 - debug_level = 1 - key = whateveryouwant - server = the_dns_server # or scan /etc/resolv.conf - EOF - $ dns2tcpc + $ dns2tcpc.exe -z mydomain.com -k secretkey -t 3 -R 1500:127.0.0.1:445 + Connected to port : 445 + ... + ``` -### Server : File configuration : +### Server : + ```sh - $ cat > ~/.dns2tcpdrc << EOF + # cat > .dns2tcpdrc << EOF - listen = x.x.x.x + listen = *server ip address* port = 53 user = nobody - key = whateveryouwant + key = secretkey chroot = /var/empty/dns2tcp/ - domain = dns2tcp.hsc.fr - resources = ssh:127.0.0.1:22 , smtp:127.0.0.1:25, - pop3:10.0.0.1:110, ssh2:[fe80::1664]:22 - + domain = mydomain.com + EOF - $ ./dns2tcpd -F -d 1 + + # server/dns2tcpd -F -d3 -f .dns2tcpdrc ``` # Known Bugs -DNS desynchronisation dns2tcpd server not supported on Windows diff --git a/client/client.c b/client/client.c index bd3ebc2..b1fae56 100644 --- a/client/client.c +++ b/client/client.c @@ -290,7 +290,10 @@ static int check_incoming_ns_reply(t_conf *conf) buffer[MAX_EDNS_LEN] = 0; /* Can be blocking here */ + +#ifdef _WIN32 ResetEvent(conf->event_udp); +#endif while ((len = read(conf->sd_udp, buffer, MAX_DNS_LEN)) > 0) { if ((conf->client) && (queue_get_udp_data(conf, buffer, len)))