DNS beacon agents (both EXE and raw shellcode formats) execute successfully on the target but never send any DNS queries. The process stays alive with a single thread in a wait state and zero CPU usage. No UDP port 53 traffic is observed from the beacon process — confirmed via netstat, netsh trace, and tcpdump on the C2 server.
HTTP/HTTPS beacon works perfectly on the same target with the same build pipeline, confirming that the core agent code (ApiLoad, AgentConfig, Agent,
main loop) functions correctly.
Environment:
- Adaptix version:1.2
- Target OS: Windows 11 Pro (10.0.26200)
- C2 server: Kali Linux
- C2 UI: Windows 10 Pro
DNS infrastructure (confirmed working):
- Domain: delegated via Cloudflare NS records to C2 IP
- pfSense NAT forwarding UDP+TCP 53 to Adaptix server
- nslookup -type=TXT test.c2.domain.com 1.1.1.1 returns "OK" from the Adaptix DNS listener
- Listener shows protocol "dns" in the UI list and is green/listening
- ss -ulnp confirms Adaptix bound to UDP 53
DNS agent config:
- DNS Mode: Direct UDP
- Resolvers: 1.1.1.1, 8.8.8.8, 9.9.9.9
- Sleep: 4s
- Burst mode: off
- Max payload: 4096 bytes
- TTL: 5s
Observations:
- Built DNS agent as EXE — process runs, ws2_32.dll is loaded, but zero UDP sockets created, zero DNS traffic
- Built DNS agent as shellcode, loaded via third-party packer — same result: shellcode executes, threads are created, but zero DNS traffic
- Built HTTPS agent as shellcode — callbacks immediately, session established
- Get-Process shows beacon with CPU=0, WorkingSet ~5.5MB, single thread in Wait/UserRequest state
- netstat -anop udp | findstr ":53" shows only PID 4988 (DNS Client service), no beacon sockets
- netsh trace filtered for UDP to resolver IPs captured zero packets after beacon launch
- tcpdump on C2 server shows zero beacon-related queries
Minor UI note:
When editing an existing DNS listener, the Protocol dropdown shows "any" (disabled) instead of "dns". The listener list correctly shows "dns". This is cosmetic only but initially caused confusion during debugging.
Expected behavior: DNS beacon should send UDP DNS queries to configured resolvers and establish a session.
Actual behavior: DNS beacon runs but never initiates any network activity. Process stays alive indefinitely.
DNS beacon agents (both EXE and raw shellcode formats) execute successfully on the target but never send any DNS queries. The process stays alive with a single thread in a wait state and zero CPU usage. No UDP port 53 traffic is observed from the beacon process — confirmed via netstat, netsh trace, and tcpdump on the C2 server.
HTTP/HTTPS beacon works perfectly on the same target with the same build pipeline, confirming that the core agent code (ApiLoad, AgentConfig, Agent,
main loop) functions correctly.
Environment:
DNS infrastructure (confirmed working):
DNS agent config:
Observations:
Minor UI note:
When editing an existing DNS listener, the Protocol dropdown shows "any" (disabled) instead of "dns". The listener list correctly shows "dns". This is cosmetic only but initially caused confusion during debugging.
Expected behavior: DNS beacon should send UDP DNS queries to configured resolvers and establish a session.
Actual behavior: DNS beacon runs but never initiates any network activity. Process stays alive indefinitely.