Anyone who ever deals with server managment knows the famous
Ping send ICMP request to a remote host, it’s commonly used to test if a server is alive or to know his ip address.
However ping options allow us to customize this requests in some way, then it becomes possible to transfer any type of data.
For the purpose I test my script with different media types like png or mp3 and it worked perfectly.
By default ping requests are formed with 98 bytes including 56 bytes of data and various headers.
-p option, ping allows you to customize 16 of those 56 bytes:
Here is the request catched with
tcpdump on the remote host:
As you can see the submitted string repeats again and again until the end of the data request. If you provide a string longer than 16 bytes it will be truncated. From here, we can convert any data to hexa and send it through ping request.
For my tests I used the following Anonymous image:
This image is about 7Ko so the script sent near 1200 ping requests, which is alot… It’s also time consuming but to be honest it’s so fun :) Below the poc:
Note: the script also works if echo request has been disable on the remote host (with
icmp_echo_ignore_all equal to
but slower. Feel free to mail me if you want to take a look at the scripts.