DDoor: Cross-platform Backdoor Using DNS txt Records

Last Commit: 04/29/2020

Ddoor is an advanced multi-platform tool that uses DNS TXT records to carry the commands it executes on victim machines. Its lightweight design makes it easy to operate once executed.

Ddoor acts as a DNS backdoor: it reaches out to publicly available DNS servers and retrieves TXT records from the servers it has found. Through these records the backdoor gains access to the command interpreter of the machine in question.

This lets the operator execute a variety of commands through the TXT record obtained from the DNS servers. Once the tool has identified a good number of candidate DNS servers, the TXT record is chosen from them at random. It can list up to about 10 DNS servers, which makes acquiring the TXT records straightforward.

Ddoor also allows a single TXT record to carry different commands for Windows and Linux based systems. The tool can encrypt the TXT record; the encryption is XOR with a custom key applied to the record being encrypted.

When Ddoor runs on a Linux based machine, all thread names related to the tool's operation are concealed by a cloaking technique: a fake name is introduced that overwrites the program's arguments, and files whose names would tie them to the tool receive the same treatment. Once cloaked, Ddoor appears on the target machine as one of its legitimate programs.
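As an added defender-side example (not part of this post or the DDoor project), the Python script below scans constructed DNS query log lines for the pattern the tool relies on: one client repeatedly fetching the same TXT record whose data is non-printable, as XOR-encrypted content would be. The log format, the client addresses, the domain name and the \DDD escaping convention are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample DNS query log lines (not real traffic). Assumed format:
# "<epoch> <client_ip> <qtype> <qname> <answer>", with non-printable bytes in
# TXT data written as RFC 1035 \DDD decimal escapes (an assumption about the
# log exporter). The domain and client IPs are placeholders.
SAMPLE_LOG = """\
1587958800 10.0.0.5 A www.example.com 93.184.216.34
1587958805 10.0.0.7 TXT cmd.c2-placeholder.test \\018\\227\\003\\138Q\\196\\153\\027\\226\\015V\\170\\249\\156
1587958900 10.0.0.9 TXT example.com v=spf1 include:_spf.example.net ~all
1587958931 10.0.0.7 TXT cmd.c2-placeholder.test \\204\\209\\002\\226\\187\\019\\136\\229\\142\\211\\153\\016\\199\\161
1587958977 10.0.0.7 TXT cmd.c2-placeholder.test \\030\\146\\250\\003d\\200\\017w\\222\\037\\176\\173\\140\\243
1587959100 10.0.0.9 TXT example.com v=spf1 include:_spf.example.net ~all
"""

ESCAPE_RE = re.compile(r"\\\d{3}")


def binary_fraction(txt: str) -> float:
    """Fraction of TXT data bytes that are \\DDD escapes, i.e. non-printable."""
    escapes = len(ESCAPE_RE.findall(txt))
    total = escapes + len(ESCAPE_RE.sub("", txt))
    return escapes / total if total else 0.0


def find_txt_beacons(log_text, min_queries=3, min_binary_fraction=0.5):
    """Return (client, qname, count, binary_fraction) for client/name pairs
    that repeatedly fetch a TXT record whose data looks like encrypted bytes
    rather than text. Repeats are counted instead of timed because the
    backdoor randomizes its call-back interval."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qtype, qname, answer = line.split(" ", 4)
        if qtype == "TXT":
            groups[(client, qname)].append(answer)
    alerts = []
    for (client, qname), answers in groups.items():
        score = max(binary_fraction(a) for a in answers)
        if len(answers) >= min_queries and score >= min_binary_fraction:
            alerts.append((client, qname, len(answers), round(score, 2)))
    return alerts


if __name__ == "__main__":
    for alert in find_txt_beacons(SAMPLE_LOG):
        print("suspicious TXT polling:", alert)
```

Benign records such as SPF contain only printable text, so they score 0.0 and are not reported even when queried repeatedly.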

Features:

  • Cross-Platform
  • DNS listing
  • Txt record encryption
  • Automatic daemonization (Linux)
  • Unpredictable call-back time
  • Console hiding (Windows)
  • Process Name cloaking (Linux)

Supported Platforms:

  • Linux, Windows

Dependencies:

  • All from requirements.txt

Ddoor Install

Ddoor has a few requirements which you can install using pip. To install run:

$ pip3 install -r requirements.txt

After the installation, don't forget to edit config.h with your own domain, names and passwords.

Usage

To start the payload manager, run:

$ ./payload_manager.py -h

@@@@@@@   @@@@@@@    @@@@@@    @@@@@@   @@@@@@@
@@@@@@@@  @@@@@@@@  @@@@@@@@  @@@@@@@@  @@@@@@@@
@@!  @@@  @@!  @@@  @@!  @@@  @@!  @@@  @@!  @@@
!@!  @!@  !@!  @!@  !@!  @!@  !@!  @!@  !@!  @!@
@!@  !@!  @!@  !@!  @!@  !@!  @!@  !@!  @!@!!@!
!@!  !!!  !@!  !!!  !@!  !!!  !@!  !!!  !!@!@!
!!:  !!!  !!:  !!!  !!:  !!!  !!:  !!!  !!: :!!
:!:  !:!  :!:  !:!  :!:  !:!  :!:  !:!  :!:  !:!
 :::: ::   :::: ::  ::::: ::  ::::: ::  ::   :::
:: :  :   :: :  :    : :  :    : :  :    :   : :
usage: payload_manager.py [-h] [-l LINUX_CMD] [-w WINDOWS_CMD]
                          [-d DOMAIN_SEARCH]

ddor, crossplatform dns backdoor

optional arguments:
  -h, --help        show this help message and exit
  -l LINUX_CMD      Linux Command
  -w WINDOWS_CMD    Windows Command
  -d DOMAIN_SEARCH  Domain to Check Commands On