Active Members Fi8sVrs Posted February 16, 2014 Active Members Report Posted February 16, 2014 BackgroundSometimes, network administrators make the penetration tester's life harder. Some of them do use firewalls for what they are meant to, surprisingly! Allowing traffic only onto known machines, ports and services (ingress filtering) and setting strong egress access control lists is one of these cases. In such scenarios when you have owned a machine part of the internal network or the DMZ (e.g. in a Citrix breakout engagement or similar), it is not always trivial to get a reverse shell over TCP, not to consider a bind shell.However, what about UDP (commonly a DNS tunnel) or ICMP as the channel to get a reverse shell? ICMP is the focus on this tool.Descriptionicmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C, Perl or Python. The main advantage over the other similar open source tools is that it does not require administrative privileges to run onto the target machine.The tool is clean, easy and portable. The slave (client) runs on the target Windows machine, it is written in C and works on Windows only whereas the master (server) can run on any platform on the attacker machine as it has been implemented in C and Perl by Nico Leidecker and I have ported it to Python too, hence this GitHub fork. Features Open source software - primarily coded by Nico, forked by me. Client/server architecture. The master is portable across any platform that can run either C, Perl or Python code. The target system has to be Windows because the slave runs on that platform only for now. The user running the slave on the target system does not require administrative privileges.Download:https://github.com/inquisb/icmpsh.gitSource Quote
