ICMP Tunneling with SOCKS
ICMP tunneling encapsulates your traffic within ICMP packets containing echo requests and responses. It only works when ping responses are permitted within a firewalled network. When a host within a firewalled network is allowed to ping an external server, it can encapsulate its traffic within the ping echo request and send it to that server. The external server can validate this traffic and send an appropriate response, which is extremely useful for data exfiltration and for creating pivot tunnels to an external server.
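
Because the tunnel rides on echo traffic, it can be spotted where echo exchanges stop behaving like ping. The Python below is an added example, not part of the original walkthrough or of ptunnel-ng: it flags echo replies whose data differs from the request (RFC 792 requires the data to be returned unchanged) and echo payloads above an assumed size threshold. The function names, the threshold and the sample packets are constructed for illustration, and the mismatch check assumes the tunnel carries different data in each direction.

```python
import struct
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8
MAX_PAYLOAD = 64  # assumed threshold: stock ping sends 32 (Windows) or 56 (Linux) data bytes

def find_tunnel_indicators(packets):
    """packets: iterable of (src, dst, icmp_bytes). Returns {internal_host: [reasons]}."""
    pending = {}                      # (client, server, ident, seq) -> request payload
    findings = defaultdict(list)
    for src, dst, icmp in packets:
        if len(icmp) < 8:
            continue                  # too short to hold an ICMP echo header
        icmp_type, _code, _cksum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
        payload = icmp[8:]
        if icmp_type == ECHO_REQUEST:
            pending[(src, dst, ident, seq)] = payload
            client = src
        elif icmp_type == ECHO_REPLY:
            client = dst
            sent = pending.pop((dst, src, ident, seq), None)
            if sent is None:
                findings[client].append(f"unsolicited reply id={ident} seq={seq}")
            elif sent != payload:
                # RFC 792: the reply must return the request's data unchanged
                findings[client].append(f"reply payload differs id={ident} seq={seq}")
        else:
            continue                  # not echo traffic
        if len(payload) > MAX_PAYLOAD:
            findings[client].append(f"{len(payload)}-byte echo payload seq={seq}")
    return dict(findings)

def echo(icmp_type, ident, seq, payload):
    """Build a constructed ICMP echo message (checksum left as 0 for the sample)."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload

# Constructed sample traffic; addresses are documentation ranges (RFC 5737).
LINUX_PING = bytes(16) + bytes(range(0x10, 0x38))   # 56 data bytes, shaped like a Linux ping
SAMPLE = [
    ("192.0.2.10", "198.51.100.1", echo(ECHO_REQUEST, 1, 1, LINUX_PING)),
    ("198.51.100.1", "192.0.2.10", echo(ECHO_REPLY, 1, 1, LINUX_PING)),
    ("192.0.2.20", "203.0.113.5", echo(ECHO_REQUEST, 7, 1, b"A" * 200)),
    ("203.0.113.5", "192.0.2.20", echo(ECHO_REPLY, 7, 1, b"B" * 900)),
]

if __name__ == "__main__":
    for host, reasons in find_tunnel_indicators(SAMPLE).items():
        print(host, reasons)
```

The ordinary ping exchange from 192.0.2.10 produces no findings, while 192.0.2.20 is reported for oversized payloads and a reply that does not echo its request.
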
We will use the ptunnel-ng tool to create a tunnel between our Ubuntu server and our attack host. Once a tunnel is created, we will be able to proxy our traffic through the ptunnel-ng client. We can start the ptunnel-ng server on the target pivot host. Let's start by setting up ptunnel-ng.