Nmap Development mailing list archives

[ncat] Thoughts about a --dns option?


From: Ron <ron () skullsecurity net>
Date: Sat, 14 Nov 2009 19:10:56 -0600

Hey all,

I was thinking of writing a "dnscat" program for the fun of it --
basically, a clone of netcat that, instead of going over a plain socket
connection, sends all data through DNS.

Then it occurred to me, could I just add a --dns option to Ncat, and
leverage the infrastructure that others have built? I'm hoping it's
possible, but, since I'm unfamiliar with the Ncat codebase, I was hoping
to get opinions.

Basically, the simplest way to implement this is for the client to poll
their DNS server with CNAME requests that contain both a sequence number
and a piece of data (basically, 1-datagoeshere.example.com). The server
would respond with acknowledgments for each sequence number, and
possibly data of its own (like 1-responsegoeshere.example.com). A random
value (nonce) would likely be required, too, to fix issues with caching.

I could see this being a very useful tool to communicate with a server
(for example, a proxy server) in a situation where firewalls would
normally prevent it. Not to mention transferring files, etc.

Any thoughts on adding this as a part of Ncat? I'd be happy to do the
coding, provided nobody says that it'll require a ton of reworking. :)

Ron

-- 
Ron Bowes
http://www.skullsecurity.org/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
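Ron's sketch above (a sequence number plus a chunk of data in the query name, with a nonce to defeat caching) also gives a defender something concrete to look for in resolver logs. The following Python is an added example, not part of the post or of Ncat: it flags clients whose CNAME queries to one zone carry first labels of the assumed form `<seq>-<data>[-<nonce>]` with increasing sequence numbers. The log line format, the label layout and the query threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample DNS query log: "<client_ip> <qtype> <qname>" per line.
# The first three lines mimic the scheme in the post: <seq>-<data>-<nonce>.<zone>.
SAMPLE_LOG = """\
10.0.0.5 CNAME 1-48656c6c6f-a1b2.example.com
10.0.0.5 CNAME 2-776f726c64-c3d4.example.com
10.0.0.5 CNAME 3-21-e5f6.example.com
10.0.0.7 A www.example.com
10.0.0.7 A mail.example.com
10.0.0.9 CNAME 1-48656c6c6f-a1b2.example.com
"""

# First label looks like "<seq>-<data>" with an optional "-<nonce>" suffix (assumed layout).
TUNNEL_LABEL = re.compile(r"^(\d+)-([0-9a-z]+)(?:-([0-9a-z]+))?$", re.IGNORECASE)


def parse_query(line):
    """Split a log line into (client, qtype, first_label, zone); None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    client, qtype, qname = parts
    first, _, zone = qname.rstrip(".").partition(".")
    return client, qtype.upper(), first, zone


def detect_tunnel_clients(log_text, min_queries=3):
    """Return {(client, zone): [seq, ...]} for clients that sent at least
    min_queries CNAME queries to one zone whose first labels match the
    <seq>-<data>[-<nonce>] pattern with strictly increasing sequence numbers."""
    seqs = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_query(line)
        if rec is None:
            continue
        client, qtype, first, zone = rec
        m = TUNNEL_LABEL.match(first)
        if qtype != "CNAME" or m is None:
            continue
        seqs[(client, zone)].append(int(m.group(1)))
    flagged = {}
    for key, nums in seqs.items():
        increasing = all(b > a for a, b in zip(nums, nums[1:]))
        if len(nums) >= min_queries and increasing:
            flagged[key] = nums
    return flagged


if __name__ == "__main__":
    for (client, zone), nums in detect_tunnel_clients(SAMPLE_LOG).items():
        print(f"possible DNS tunnel: {client} -> {zone} seq={nums}")
```

On the constructed log only 10.0.0.5 is reported; a single matching query (10.0.0.9) stays below the threshold, which keeps one-off odd hostnames from paging anyone.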
