ICMP Tunneling with SOCKS
ICMP tunneling encapsulates your traffic within ICMP packets containing echo requests and responses. ICMP tunneling only works when ping responses are permitted within a firewalled network. When a host within a firewalled network is allowed to ping an external server, it can encapsulate its traffic within the ping echo request and send it to an external server. The external server can validate this traffic and send an appropriate response, which is extremely useful for data exfiltration and creating pivot tunnels to an external server.
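The same encapsulation gives defenders something to look for: a normal echo reply returns the request's data unchanged (RFC 792), and stock ping sends small, fixed-size payloads. The following is an added example, not code from the original page; the 64-byte threshold, the function names and the sample packets are assumptions constructed for illustration. It pairs echo requests with replies and flags oversized, mismatched or unsolicited ones.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0
MAX_PAYLOAD = 64  # assumed threshold: stock ping sends 32 (Windows) or 56 (Linux) data bytes

def icmp_echo(msg_type, ident, seq, payload):
    """Build a constructed ICMP echo message (checksum left at zero for brevity)."""
    return struct.pack("!BBHHH", msg_type, 0, 0, ident, seq) + payload

def parse(raw):
    """Split a raw ICMP message into (type, id, seq, payload)."""
    msg_type, _code, _cksum, ident, seq = struct.unpack("!BBHHH", raw[:8])
    return msg_type, ident, seq, raw[8:]

def suspicious_echoes(messages):
    """Return sorted (id, seq, reason) findings for echo traffic that does not look like ping."""
    requests, findings = {}, set()
    for raw in messages:
        if len(raw) < 8:          # too short to hold an ICMP echo header
            continue
        msg_type, ident, seq, payload = parse(raw)
        if msg_type not in (ECHO_REQUEST, ECHO_REPLY):
            continue
        if len(payload) > MAX_PAYLOAD:
            findings.add((ident, seq, "oversized payload"))
        if msg_type == ECHO_REQUEST:
            requests[(ident, seq)] = payload
        elif (ident, seq) not in requests:
            findings.add((ident, seq, "unsolicited reply"))
        elif requests[(ident, seq)] != payload:
            findings.add((ident, seq, "reply payload differs from request"))
    return sorted(findings)

# Constructed sample traffic: one ordinary ping exchange, then tunnel-like echoes.
PING = bytes(range(56))
SAMPLE = [
    icmp_echo(ECHO_REQUEST, 0x1A2B, 1, PING),
    icmp_echo(ECHO_REPLY, 0x1A2B, 1, PING),
    icmp_echo(ECHO_REQUEST, 0x04D2, 7, b"A" * 200),
    icmp_echo(ECHO_REPLY, 0x04D2, 7, b"B" * 180),
    icmp_echo(ECHO_REPLY, 0x04D2, 9, b"C" * 40),
]

if __name__ == "__main__":
    for finding in suspicious_echoes(SAMPLE):
        print(finding)
```

These heuristics produce leads rather than verdicts; some monitoring tools legitimately send large echo payloads, so tune the threshold against a baseline of your own network.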
We will use the ptunnel-ng tool to create a tunnel between our Ubuntu server and our attack host. Once a tunnel is created, we will be able to proxy our traffic through the ptunnel-ng client. We can start the ptunnel-ng server on the target pivot host. Let's start by setting up ptunnel-ng.