
/root/dnscat2/server/libs/dnser.rb:828:in `bind': Address already in use - bind(2) for "0.0.0.0" port 53 (Errno::EADDRINUSE)

Open rol227 opened this issue 5 years ago • 4 comments

I'm on an AWS Lightsail Ubuntu 18.04 VPS. I've tried running ruby ./dnscat2.rb to get the dnscat2> prompt.

However, I keep getting the following errors:

    Security policy changed: All connections must be encrypted
    Traceback (most recent call last):
            6: from ./dnscat2.rb:208:in "main"
            5: from /root/dnscat2/server/tunnel_drivers/tunnel_drivers.rb:24:in "start"
            4: from /root/dnscat2/server/tunnel_drivers/tunnel_drivers.rb:24:in "new"
            3: from /root/dnscat2/server/tunnel_drivers/driver_dns.rb:251:in "initialize"
            2: from /root/dnscat2/server/tunnel_drivers/driver_dns.rb:251:in "new"
            1: from /root/dnscat2/server/libs/dnser.rb:828:in "initialize"
    /root/dnscat2/server/libs/dnser.rb:828:in "bind": Address already in use - bind(2) for "0.0.0.0" port 53 (Errno::EADDRINUSE)

I've used netstat to see that I have a systemd-resolve process listening on port 53. However, I've tried editing the resolved.conf to DNSStubListener=no, and I still get the exact same errors. I've been wracking my brain trying to figure this out for the better part of a day, and I'm not sure what to do. Any ideas?

rol227, May 14 '19 02:05

Yeah, your system DNS resolver is listening on port 53, probably working as a cache. You might be able to fix it by passing your public IP address to dnscat2 as an argument:

    ruby dnscat2.rb --dns host=your.ip.address.goes.here,port=53,domain=yourdomain.org

Change your.ip.address.goes.here to your own IP, and yourdomain.org to your own domain, obviously. If you don't have a domain you're using, you can just leave out the domain= part.

Alternatively, you can stop the systemd-resolve service, though that may make it impossible to use other services.

Hope that helps!


iagox86, May 14 '19 17:05
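Why the wildcard bind in the traceback fails while a bind to one specific address can still succeed, as an added Ruby example (not from the thread or from the dnscat2 code base). It assumes Linux, where every 127.0.0.0/8 address is local, and uses an unprivileged port chosen by the OS in place of port 53; `try_bind` and `bind_conflict_demo` are names made up for this illustration.

```ruby
require 'socket'

# Try to bind a UDP socket to host:port.
# Returns [:ok, socket] on success, or [<Errno name as symbol>, nil] on failure.
def try_bind(host, port)
  sock = UDPSocket.new
  sock.bind(host, port)
  [:ok, sock]
rescue SystemCallError => e
  sock&.close
  [e.class.name.split('::').last.to_sym, nil]
end

# Reproduce the EADDRINUSE from the issue without needing root or port 53.
def bind_conflict_demo
  # Stand-in for the local stub resolver: a UDP listener on one specific
  # loopback address (systemd-resolved's stub uses 127.0.0.53). Port 0 lets
  # the OS pick a free port for this constructed test.
  stub = UDPSocket.new
  stub.bind('127.0.0.53', 0)
  port = stub.local_address.ip_port

  # 0.0.0.0 means "every local address", which includes the one the stub
  # already holds on this port, so the kernel refuses the bind.
  wildcard, wsock = try_bind('0.0.0.0', port)

  # A different specific address on the same port does not overlap with
  # the stub's listener, so this bind is accepted.
  specific, ssock = try_bind('127.0.0.2', port)

  { port: port, wildcard: wildcard, specific: specific }
ensure
  [stub, wsock, ssock].compact.each(&:close)
end

p bind_conflict_demo if __FILE__ == $PROGRAM_NAME
```

A specific-address bind only works if that address is actually configured on a local interface; an address the host does not own is rejected with a different error than the one in this issue.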

Thanks for getting back to me so quickly. You're correct in that if I use systemctl stop systemd-resolved then I can use ruby dnscat2.rb with zero problems and I get to the dnscat2> prompt (at the cost of my DNS resolver). Unfortunately, passing the IP address as an argument did not work.

However, I noticed that even if I switch my DNS resolver to something like dnsmasq, I still get a conflict. And it seems like it's pretty common for DNS resolvers to LISTEN on port 53.

I'm wondering if you know how you and/or other people are running both services simultaneously. Or am I completely missing something?

rol227, May 14 '19 23:05

For me, I use a special VM or Linode instance or similar that's designed for this.


iagox86, May 14 '19 23:05

Hello,

I think I may misunderstand how the tool is working (all the tutorials seem to run it with the IP address, not with the domain) so please bear with me. I set up 3 VMs:

  • 1 authoritative DNS server (10.1.1.1) for "example.zone.com" with an A/NS record pointing to the Kali box where the dnscat server is running
  • 1 Kali box (10.1.1.2) with dnscat2 running with "example.zone.com" as a parameter
  • 1 Windows VM (10.1.1.3) running the dnscat2 client, which is set to query the DNS server for "example.zone.com", get an A/NS record pointing to the Kali box and then connect to that.

This setup is not working, that's why I'm assuming my understanding is wrong. I came here because I can't run the DNScat server and the BIND9 on the Ubuntu host, because they both try to bind on port 53 (which is how I ended up here).

So I guess I'm just looking for confirmation that my understanding is wrong at this point and to get a correct working example that involves a DNS server as well, not just running the client with the IP address where DNScat2 is running.

Thanks for all your work!

a-validnerd, Mar 21 '20 18:03