#!/usr/bin/env perl =pod ICMP Message Transporter hides your message inside an ICMP Echo Reply. - Use a sniffer to see the message. - You must know the IP address of your destination! Use this script if TCP/UDP is under surveillance. Most people dont know that you can hide something in ICMP PING requests. Perforin - virii - vxnetw0rk - C3L Usage: perl icmp_msg.pl IP TEXTFILE =cut use IO::Socket; use NetPacket::IP; use NetPacket::ICMP; use Net::RawIP; use Net::Ping; my $sock = IO::Socket::INET->new( Proto => "ICMP", Type => SOCK_RAW, Blocking => 0) or die "$!"; ($destinationIP,$file) = @ARGV; hlp() if scalar @ARGV < 2; print "[-] That is no IP address\n" and exit if $destinationIP !~ /^(\d+\.\d+\.\d+\.\d+)$/; print "[-] File is missing\n" and exit unless -e $file; print <<"INTRO"; [!] ICMP Message Transporter started [+] Destination IP $destinationIP [+] Preparing to send file $file INTRO $pong = Net::Ping->new("icmp"); print "[+] Sending requests to $destinationIP\n"; for (0..2) { $pong->ping($destinationIP) || die "[-] $destinationIP seems to be down\n"; } $pong->close(); while ($pingcounter < 2) { if ($sock->recv(my $buffer, 4096, 0)) { my $ip = NetPacket::IP->decode($buffer); my $icmp = NetPacket::ICMP->decode($ip->{data}); if ($icmp->{type} == ICMP_ECHO) { $pingcounter++; if ($pingcounter == 2) { if ($ip->{src_ip} eq $destinationIP) { open (DATA, "<", $file) || die "[-] File not found!\n"; foreach $line () { $input .= $line; } close DATA; print "[+] Including our message\n"; $icmp->{type} = ICMP_ECHOREPLY; $icmp->{data} = pack("SSa*", $ident, $seq, $input); my $raw = $icmp->encode(); my $addr = sockaddr_in(0, inet_aton($destinationIP)); $sock->send($raw, 0, $addr) or die "$!\n"; print "[+] Successfully send the ICMP echo reply\n"; } } } } } sub hlp { print <<"HELP"; [!] ICMP Message Transporter by virii [!] Contact virii\@tormail.org perl $0 IP FILE HELP exit; }