
DNS_TXT_Pwnage bug when exfil and no AuthNS specified #96

Open
georgemulder opened this issue Sep 5, 2023 · 1 comment

Comments

@georgemulder

Hi,

When no AuthNS is specified and you choose to exfiltrate data, there is a bug where the value of the ExfilOption parameter fills the AuthNS one. This is observed in the following screenshot:
[image]

The parameter webserver is used as the last parameter of nslookup (AuthNS). This is why the "Can't find server address for 'webserver'" message appears.

AuthNS has no default value, so it becomes $null. Statements like "if ($AuthNS -ne $null)" are OK in this context, but because of the way the script is loaded, in this statement:

$options = "DNS-TXT-Logic $Startdomain $cmdstring $commanddomain $psstring $psdomain $Arguments $Stopstring $AuthNS $ExfilOption $dev_key $username $password $URL $DomainName $ExfilNS $exfil $LoadFunction"

$AuthNS is not a string, so the script written to the temp directory will have a space instead, leaving the next parameter, ExfilOption, as the AuthNS one. All parameters shift to the left, leaving $exfil without a value and rendering exfiltration unusable.

I thought of two solutions:

  1. Before initializing the $options variable, check if $AuthNS is $null; if it is, change the value to "null" (String)
  2. Give it a default value of "null" (String) and change the ifs to: if ($AuthNS -ne "null")

I think option 2 is cleaner, so I will PR it. Hope you feel good about this and accept it.
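The positional shift described in this issue, as an added PowerShell illustration that is not nishang's code: `Build-OptionString` copies only the pattern of assembling a space-separated option string by interpolation, `Build-OptionStringFixed` applies the string-sentinel default from option 2, and `Get-PositionalSlots` is an assumed stand-in for how the re-loaded script consumes its command line as whitespace-separated positional tokens. All function and parameter names and the input values are constructed for the demo.

```powershell
# Added illustration, not code from nishang. Function/parameter names and
# input values are placeholders chosen for this demo.

function Build-OptionString {
    param(
        [string]$Domain,
        $AuthNS,                  # no default: $null when the caller omits it
        [string]$ExfilOption,
        [string]$Exfil
    )
    # $null (and "" for a typed [string]) expands to nothing, so the two
    # separators around it collapse into one when the line is tokenised later.
    return "Demo-Logic $Domain $AuthNS $ExfilOption $Exfil"
}

function Build-OptionStringFixed {
    param(
        [string]$Domain,
        [string]$AuthNS = 'null', # option 2 from the issue: a string sentinel
        [string]$ExfilOption,
        [string]$Exfil
    )
    # The sentinel always occupies its slot, so later parameters stay aligned.
    return "Demo-Logic $Domain $AuthNS $ExfilOption $Exfil"
}

function Get-PositionalSlots {
    param([string]$Options)
    # Assumed stand-in for the re-loaded script: it reads its command line as
    # whitespace-separated positional tokens (token 0 is the command name).
    $tokens = @($Options -split '\s+' | Where-Object { $_ -ne '' })
    [pscustomobject]@{
        Domain      = $tokens[1]
        AuthNS      = $tokens[2]
        ExfilOption = $tokens[3]
        Exfil       = $tokens[4]  # $null when the token list is one short
    }
}

function Test-AuthNSProvided {
    param([string]$AuthNS)
    # With the sentinel in place, the original "-ne $null" checks must become
    # "-ne 'null'", otherwise the sentinel itself would be treated as a server.
    return $AuthNS -ne 'null'
}

# Constructed inputs for the demo: AuthNS deliberately omitted in both calls.
$buggy = Build-OptionString -Domain 'example.test' -ExfilOption 'webserver' -Exfil 'data'
$buggy
# Buggy string: the AuthNS slot is taken by the ExfilOption value and the
# last slot (Exfil) is left empty.
Get-PositionalSlots $buggy

$fixed = Build-OptionStringFixed -Domain 'example.test' -ExfilOption 'webserver' -Exfil 'data'
$fixed
# Fixed string: every value sits in its own slot, and the sentinel check
# reports that no authoritative name server was actually configured.
Get-PositionalSlots $fixed
Test-AuthNSProvided (Get-PositionalSlots $fixed).AuthNS
```

The sentinel keeps the existing positional contract working with a one-line change, which is why option 2 is attractive for a patch; the more general fix for this class of bug is to stop serialising parameters positionally (pass them by name or through a hashtable so an omitted value cannot shift its neighbours), and any check of the form `-ne $null` on a parameter that now defaults to a string must be updated in the same change.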

@Bluekezhou

Bluekezhou commented Sep 5, 2023 via email

georgemulder pushed a commit to georgemulder/nishang that referenced this issue Sep 5, 2023