Skip to content

DNS C2

Jump to bottom
Maxime Landon edited this page Feb 23, 2020 · 4 revisions

Wiregost supports DNS communications for implants. Some setup is needed for using it.

Setup

Use the following steps to configure a domain for DNS C2 (and DNS Canaries), you can use any DNS provider you wish as long as you setup the records correctly. I recommend setting a TTL of ~5 minutes for each record.

  1. Create an A record for your example.com pointing at your Sliver server (or redirector) IP address.
  2. Create an A record for an ns1 subdomain (i.e. ns1.example.com) that points to your Sliver server (or redirector) IP address.
  3. Create an NS record with an arbitrary subdomain, for example 1 (i.e. 1.example.com) which is managed by ns1.example.com.
  4. You can now use 1.example.com as your DNS C2 domain e.g. generate --dns 1.example.com. (always use the FQDN when issuing DNS commands).

The final configuration should look like for the domain lil-peep.rip: DNS Configuration

IMPORTANT: Remember to disable Cloudflare's "cloud" when configuring these records, and to adjust the TTLs.

This setup will make you able to use DNS Canaries, or DNS Implants

Overview

Install

Data Service

C2 Server

Console

Modules

Implants

Writing Modules

Configuration

Clone this wiki locally