
🕳 godoh - A DNS-over-HTTPS C2

Home Page: https://sensepost.com/blog/2018/waiting-for-godoh/

License: GNU General Public License v3.0


godoh's Introduction

A DNS-over-HTTPS Command & Control Proof of Concept



introduction

godoh is a proof-of-concept Command and Control framework, written in Golang, that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google and Cloudflare, and it can also use traditional DNS.

installation

All you would need are the godoh binaries themselves. Binaries are available for download from the releases page as part of tagged releases.

To build godoh from source, follow these steps:

  • Ensure you have Go 1.13+
  • Clone this repository with git clone https://github.com/sensepost/goDoH.git
  • Run make key to generate a unique encryption key to use for communication
  • Build the project with one of the following options:
    • go build which will drop you a new godoh binary for the current architecture
    • make which will drop binaries in the build/ directory for various platforms

usage

A DNS (over-HTTPS) C2
  By @leonjza from @sensepost

Usage:
  godoh [flags]
  godoh [command]

Available Commands:
  agent       Connect as an Agent to the DoH C2
  c2          Starts the godoh C2 server
  help        Help about any command
  receive     Receive a file via DoH
  send        Send a file via DoH
  test        Test DNS communications

Flags:
  -d, --domain string          DNS Domain to use. (ie: example.com)
  -h, --help                   help for godoh
  -p, --provider string        Preferred DNS provider to use. [possible: googlefront, google, cloudflare, quad9, raw] (default "google")
  -K, --validate-certificate   Validate DoH provider SSL certificates

Use "godoh [command] --help" for more information about a command.

license

godoh is licensed under a GNU General Public v3 License. Permissions beyond the scope of this license may be available at http://sensepost.com/contact/.


godoh's Issues

No agents registered Error

When I start the c2 server, it is not checking for the agents, and on running the "agents" command it gives an error: "No agents registered". Any solution?

godoh -d IP c2
INFO[0000] Using google as preferred provider
INFO[0000] Using 10.36.146.78 as DNS domain
Commands are directed to agents after switching to its context.

Use the agents command to list agents.
Use the use agent-id to interact with that agent and issue commands.
Use the download path in an agents' context to download files.
Use the back command to go back.

Current agent context: ``

c2> INFO[0000] DNS C2 starting... domain=10.36.146.78 module=c2

c2> agents
No agents registered.
c2>

Requires Go 1.17

Hello,

Can you run the project with Go 1.13 instead of Go 1.17?

I am receiving an error.

# golang.org/x/sys/unix
../../go/pkg/mod/golang.org/x/[email protected]/unix/syscall.go:83:16: undefined: unsafe.Slice
../../go/pkg/mod/golang.org/x/[email protected]/unix/syscall_darwin.go:95:8: undefined: unsafe.Slice
../../go/pkg/mod/golang.org/x/[email protected]/unix/syscall_unix.go:118:7: undefined: unsafe.Slice
../../go/pkg/mod/golang.org/x/[email protected]/unix/sysvshm_unix.go:33:7: undefined: unsafe.Slice
note: module requires Go 1.17

server/agent not polling

My agent is stuck at INFO[0000] Starting polling... ident=80my4 module=agent

On the server C:\godoh\goDoH>godoh c2 -d mydomain.com
time="2020-05-11T12:47:36Z" level=info msg="Using google as preferred provider\n"
time="2020-05-11T12:47:36Z" level=info msg="Using mydomain.com as DNS domain\n"
Commands are directed to agents after switching to its context.

Use the agents command to list agents.
Use the use agent-id to interact with that agent and issue commands.
Use the download path in an agents' context to download files.
Use the back command to go back.

Current agent context: ``

c2> time="2020-05-11T12:47:36Z" level=info msg="DNS C2 starting..." domain=mydomain.com module=c2

c2> agents
No agents registered.

godoh test gives no errors

Canonical repo address is inconsistent with go import path

The github.com/sensepost/godoh repo was just renamed to github.com/sensepost/goDoH
This means that the canonical github repo address now conflicts with canonical go import packages (for example, "github.com/sensepost/godoh/dnsclient", as referenced from https://github.com/sensepost/goDoH/blob/master/cmd/agent.go#L13)

It is now very easy for downstream consumers (which don't import "github.com/sensepost/godoh/..." packages) to accidentally clone and add imports to upper-case "github.com/sensepost/goDoH/..." packages. This will create many pitfalls and break the module users. They may encounter errors:

go: downloading github.com/sensepost/goDoH v0.0.0-20200517112203-e2bac6398fa7
go: github.com/sensepost/goDoH upgrade => v0.0.0-20200517112203-e2bac6398fa7
go get: github.com/sensepost/[email protected]: parsing go.mod:
        module declares its path as: github.com/sensepost/godoh
                but was required as: github.com/sensepost/goDoH

(This was possible before, but way harder to do accidentally, since all the links and clone commands from github agreed with the canonical go import packages)

Please consider reverting the godoh -> goDoH rename.

If the case change is here to stay, some things that would help a lot:

  1. Example go get github.com/sensepost/godoh commands or others in the READMEs of all the go repos to guide consumers.
  2. Add canonical import paths with the correct case (https://golang.org/doc/go1.4#canonicalimports) to prevent accidental use of the wrong case downstream.
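
A downstream check for the case mismatch reported in the issue above, as an added example that is not part of the issue or of the godoh code base: it reads the `module` directive from a go.mod and reports an import path that differs from it only by letter case. The function names and the sample go.mod are constructed for illustration; the module and import paths are the ones quoted in the issue.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

// Constructed go.mod; the module path is the one quoted in the error output above.
const sampleGoMod = "module github.com/sensepost/godoh // canonical, lower-case\n\ngo 1.13\n"

var ErrCaseMismatch = errors.New("import path differs from module path only by case")

// declaredModule returns the path named by the module directive of a go.mod file.
func declaredModule(gomod string) (string, error) {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop trailing comment
		fields := strings.Fields(line)
		if len(fields) == 2 && fields[0] == "module" {
			return strings.Trim(fields[1], "\"`"), nil
		}
	}
	return "", errors.New("no module directive found")
}

// checkImport returns nil when importPath is the declared module or a package
// inside it, and ErrCaseMismatch (wrapped) when only letter case differs.
func checkImport(gomod, importPath string) error {
	mod, err := declaredModule(gomod)
	if err != nil {
		return err
	}
	if importPath == mod || strings.HasPrefix(importPath, mod+"/") {
		return nil
	}
	n := len(mod)
	if len(importPath) >= n && strings.EqualFold(importPath[:n], mod) &&
		(len(importPath) == n || importPath[n] == '/') {
		return fmt.Errorf("%w: use %s%s", ErrCaseMismatch, mod, importPath[n:])
	}
	return fmt.Errorf("%s is not inside module %s", importPath, mod)
}

func main() {
	for _, p := range []string{"github.com/sensepost/godoh/dnsclient", "github.com/sensepost/goDoH/dnsclient"} {
		fmt.Printf("%s -> %v\n", p, checkImport(sampleGoMod, p))
	}
}
```

Run over a project's import list in CI, a check like this catches the upper-case path before `go get` fails with the "module declares its path as" error.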

exec: "pwd": executable file not found in %PATH%

Server: Ubuntu 20.04 LTS
Target: Windows 10 x64 - Version 20H2 (OS Build 19042.1288)

c2> INFO[0000] DNS C2 starting...                            domain=dns.redacted.com module=c2
INFO[0201] First time checkin for agent                  ident=cka6p
agents
Id: cka6p (Registered: Fri Oct 15 14:11:44 2021) (Last Checkin: Fri Oct 15 14:12:08 2021)
c2> use cka6p
c2\cka6p> pwd
INFO[0286] Queued command                                agent=cka6p cmd=pwd domain=dns.redacted.com module=c2
c2\cka6p> INFO[0287] Giving agent a new command as checkin response  cmd=pwd ident=cka6p
INFO[0287] New incoming DNS stream started               ident=eb07
INFO[0287] Attempting to decode the finished CmdProtol stream.  ident=eb07

Command Output:
-------
exec: "pwd": executable file not found in %PATH%

Same thing happens with a few other commands like 'dir, ls, cd'
However, 'whoami' works just fine.

Is it possible to generate a dll?

I made a small change to the Makefile to add shared=c-basic and it fails. I am running on Kali.

loadinternal: cannot find runtime/cgo
warning: linking with x86_64-w64-mingw32-gcc because of unimplemented -mwindows

Is there any workaround?
