ABOUT REMOTE ADMINISTRATION TOOLS
Domain Name Systems
The Domain Name System (DNS) is the method by which domain names are identified and translated into Internet Protocol (IP) addresses. These names are custom and can contain numbers and letters, which are then turned into IP addresses.
In the first part of this tutorial I'll explain what DNS names are used for in remote administration tools. In the second part I'll take a more formal approach to what they do and how connectivity works within a network of systems.
Now you're probably wondering: what is this random thing that looks like a website, but isn't a real website, that I need to enter into my builder to create my stub when I use my remote administration tool? Actually, this weird-looking thing does more than you think 😉 When you fill in the builder, you would actually use your public IP address for your remote administration tool to have connectivity between you and your infected system, but instead we take a safer approach and connect to an off-site server, which is your Domain Name System (DNS).
An example of how your remote administration tool, your router, and an infected system connect is shown below.
——> isec1337.jumpingcrab.com(DNS)(192.168.1.2) ——> ISP (126.96.36.199)
——> ISP (188.8.131.52)(Infected) ——> isec1337.jumpingcrab.com(DNS)(Infected)(10.0.0.2) ——
So that has basically created an internal WAN on your remote administration tool, letting it connect from your network to his network. This outlines what a DNS does and what it is used for. It is also the reason why, if your infected user turns his network off, he will not appear on your remote administration tool. The example above outlines how a remote administration tool connects to a DNS to connect to your infected system.
But there's a lot more a DNS can be used for, and in this tutorial I'll give you more detail on what you're dealing with here. Now let's go outside the box. This is how a DNS is used within an internal private network of computers, and how one machine can run a whole system.
In this diagram we have 2 machines in our network: 1 is our client, the other is our network server. As shown below, we see 192.168.100.0/24 as the default gateway, and each machine is assigned an IP: 192.168.100.2 (Client) and 192.168.100.10 (Server). These 2 machines are connected, as they share the same router. We also know this because of the IP/subnet.
As we can now see, we have our own network. But it wants to connect to a server. How is this possible? When the user changes his network settings and reroutes his DNS to somewhere other than his default ISP's DNS, he is then connecting to a different domain/network. This allows communication between other networks and clients.
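Seen from the defender's side, the hostname-based connection described in the first part leaves a trace: the infected system has to look the hostname up through DNS before it can connect. The Python code below is an added example, not part of the original tutorial; it scans a constructed resolver log for lookups under a watched parent domain and groups them by client. The log format, the `WATCHED_SUFFIXES` list and the function names are assumptions made for illustration.

```python
# Added example: flag DNS lookups under watched dynamic-DNS suffixes.
from collections import defaultdict

# Watchlist of parent domains. Only jumpingcrab.com comes from the tutorial;
# extend it with the suffixes your own threat intel lists (assumption).
WATCHED_SUFFIXES = {"jumpingcrab.com"}

# Constructed sample resolver log: "<time> <client_ip> <qname> <answer_ip>".
# The format and every value are made up for this example
# (answers use documentation address ranges).
SAMPLE_LOG = """\
2024-05-01T09:00:01 192.168.100.2 www.example.org. 203.0.113.10
2024-05-01T09:00:07 192.168.100.2 isec1337.jumpingcrab.com. 198.51.100.23
2024-05-01T09:05:07 192.168.100.2 ISEC1337.JumpingCrab.com 198.51.100.23
2024-05-01T09:10:09 192.168.100.2 isec1337.jumpingcrab.com 198.51.100.77
2024-05-01T09:11:30 192.168.100.10 notjumpingcrab.com 203.0.113.50
truncated line
"""

def watched_suffix(qname, suffixes=WATCHED_SUFFIXES):
    """Return the watched parent domain qname falls under, else None."""
    name = qname.rstrip(".").lower()
    for suffix in suffixes:
        # Match on a label boundary so notjumpingcrab.com is not a hit.
        if name == suffix or name.endswith("." + suffix):
            return suffix
    return None

def find_callbacks(log_text):
    """Group watched lookups as {(client, hostname): {"count", "answers"}}."""
    hits = defaultdict(lambda: {"count": 0, "answers": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of crashing
        _time, client, qname, answer = fields
        if watched_suffix(qname):
            entry = hits[(client, qname.rstrip(".").lower())]
            entry["count"] += 1
            entry["answers"].add(answer)
    return dict(hits)

if __name__ == "__main__":
    for (client, host), info in find_callbacks(SAMPLE_LOG).items():
        moved = "answer changed" if len(info["answers"]) > 1 else "stable"
        print(client, host, info["count"], sorted(info["answers"]), moved)
```

A client that keeps looking up the same watched hostname, especially one whose answer changes over time, is worth checking for an unwanted remote administration tool.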
So basically that is it. I've shown you the basic examples of how a Domain Name System works and what it is used for when it comes to remote administration tools and connectivity with other networks. I hope this answers most of you new members' questions on what a DNS is used for.