ICMP: The Internet Control Message Protocol
As you know, ICMP is a protocol that is used to detect the presence of an active host. We can determine whether a host is active (pay attention, newbies) by simply typing:
kali > ping <IP address>
There are multiple types of ICMP messages, but the ones used here are echo request (Type 0) and echo reply (Type 8). Although nearly all of us use ping at one time or another, keep in mind that there are other ICMP types that can come in handy when scanning or hacking systems that may block or drop ICMP Type 0.
If a server accepts ICMP (many won't, as a security precaution), you can use ICMP to bypass the need for authentication via the proxy (the web page that asks you for credentials). Because it is very slow, I don't recommend this for daily use, but in a pinch it can be a very innovative way to get your email when you don't want to buy access to the service, or when you want to access the web without leaving a trace.
Step 1: Fire Up Kali & Download Icmptx
To begin, let's fire up Kali Linux and download icmptx. Since icmptx is in the Kali repository, all we need to do is:
kali > apt-get install icmptx
This will install icmptx on your Kali operating system.
Step 2: Getting Help
Next, let's take a look at the help file for icmptx. Simply type:
kali > icmptx
The help screen will appear. As you can see, the syntax is very straightforward and simple. Unfortunately, the implementation is not.
When we installed icmptx, it also installed a manual page, so let's take a look at it by typing:
kali > man icmptx
The manual page doesn't offer much more information than the help page.
Step 3: Server Side Proxy
The way icmptx works is that you need to set up a proxy/server between you (the client) and the intended target on the web. First, let's set up the proxy/server. The syntax is simple:
kali > icmptx -s 10.0.0.1
This points the server/proxy at the IP address 10.0.0.1. This is only an example; you will need to replace this IP with the address of the target you are trying to connect to.
Step 4: Tunneling
Next, we need to set up a tunnel. A tunnel (tun) device gives a user-space application a place to send and receive packets. Since icmptx is a user-space application, we need to set up a tunnel for it to send and receive packets, in this case ICMP packets.
We can check whether our kernel supports tunneling by typing:
kali > ifconfig tun0
The response indicates that our Debian operating system (which Kali is built on) supports tunneling. Let's set up a tunnel on the server now.
Step 5: IP Forwarding
Next, we need to set up this server to, first, ignore ICMP requests and, second, forward IP traffic. If we didn't tell the kernel to ignore ICMP requests, it would respond with an echo reply (Type 8), which is the normal response. We don't want that; we want the ICMP traffic to enter the server and pass right through it.
We can tell the kernel to ignore ICMP traffic by typing:
kali > echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
Then we need to enable IP forwarding by typing:
kali > echo 1 > /proc/sys/net/ipv4/ip_forward
Step 6: Set Up the Client
Now, let's set up our client. This is the system we will be using to access the Internet from. We need to install icmptx on this system as well, but here we will be using the client mode rather than the server setup. To do so, type:
kali > icmptx -c <IP address of the proxy/server>
Then we need to establish a tunnel on this system as well.
Next, we need to set up a route to the proxy.
Lastly, we need to set a route through the tunnel we created (tun0) to the server on the web we want to access.
Now, when you want to access that site on the web, you can do so without authenticating and be almost totally invisible!
Although using icmptx is probably not a practical means of accessing the web on a daily basis, in a pinch or under severely clandestine circumstances it will get you past web-based authentication and leave almost no trail. Few, if any, security administrators will be looking for ICMP traffic to trace your activities and, since you did not have to authenticate, your trail is almost invisible. In addition, if you set up the server on a zombie system, the only trail will lead back to the server/zombie without a highly skilled forensic investigation.
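The post opens by noting that ICMP has several message types and closes by claiming that administrators rarely look at ICMP traffic. The script below is the detection-side counterpart to both points; it is an added example written for this page, not code from the original post or from the icmptx project. It parses raw ICMP datagrams (IP header already stripped), verifies the RFC 1071 checksum, groups echo traffic by identifier, and flags three things a tunnel such as the one described above produces but a stock ping does not: payload sizes no ping tool sends, long high-entropy payloads, and echo replies that do not mirror their request byte for byte. The sample traffic, the 0x1234 and 0xBEEF identifiers, the payload-size set and the 7.0 bits/byte entropy threshold are all constructed assumptions for the demonstration; in a real deployment the datagrams would come from a capture and the thresholds would be tuned to the local baseline.

```python
import hashlib
import math
import struct
from collections import defaultdict

# ICMP message types from RFC 792.
ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8
# Payload sizes produced by stock ping tools (Linux/BSD 56 bytes, Windows 32 bytes); assumption.
NORMAL_PING_PAYLOAD_SIZES = {32, 56}
# Bits/byte above which a payload looks encrypted or compressed (assumed threshold);
# the estimate is only stable for payloads of at least ENTROPY_MIN_BYTES.
HIGH_ENTROPY_BITS = 7.0
ENTROPY_MIN_BYTES = 256


def icmp_checksum(data):
    """RFC 1071 one's-complement sum over header and payload (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type, ident, seq, payload):
    """Serialize an echo request/reply; used here only to construct the sample traffic."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(datagram):
    """Parse an ICMP datagram (IP header already stripped); None if short or checksum is bad."""
    if len(datagram) < 8:
        return None
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", datagram[:8])
    if icmp_checksum(datagram[:2] + b"\x00\x00" + datagram[4:]) != csum:
        return None
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq, "payload": datagram[8:]}


def shannon_entropy(data):
    """Entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def tunnel_indicators(datagrams):
    """Group echo traffic by ICMP identifier; return {identifier: sorted indicator names}.

    nonstandard-size : payload length no stock ping would send
    high-entropy     : long payload that looks encrypted/compressed (tunnelled TLS, SSH, ...)
    reply-mismatch   : an echo reply that does not mirror its request byte for byte;
                       a real host echoes the request, a tunnel endpoint answers with new data
    """
    flows = defaultdict(lambda: {"req": {}, "rep": {}, "reasons": set()})
    for d in datagrams:
        p = parse_icmp(d)
        if p is None or p["type"] not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
            continue  # malformed, or not echo traffic: outside this heuristic
        flow = flows[p["id"]]
        side = "req" if p["type"] == ICMP_ECHO_REQUEST else "rep"
        flow[side][p["seq"]] = p["payload"]
        if len(p["payload"]) not in NORMAL_PING_PAYLOAD_SIZES:
            flow["reasons"].add("nonstandard-size")
        if len(p["payload"]) >= ENTROPY_MIN_BYTES and shannon_entropy(p["payload"]) > HIGH_ENTROPY_BITS:
            flow["reasons"].add("high-entropy")
    for flow in flows.values():
        for seq, reply in flow["rep"].items():
            if seq in flow["req"] and flow["req"][seq] != reply:
                flow["reasons"].add("reply-mismatch")
    return {ident: sorted(flow["reasons"]) for ident, flow in flows.items()}


def pseudo_random(label, length):
    """Deterministic high-entropy filler for the constructed sample (not a real capture)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(b"%s-%d" % (label, counter)).digest()
        counter += 1
    return out[:length]


def sample_traffic():
    """Constructed datagrams: one ordinary ping flow (0x1234) and one tunnel-like flow (0xBEEF)."""
    pkts = []
    ping_payload = b"\x00" * 8 + bytes(range(0x10, 0x40))  # 8-byte timestamp + 48-byte pattern
    for seq in range(1, 4):
        pkts.append(build_echo(ICMP_ECHO_REQUEST, 0x1234, seq, ping_payload))
        pkts.append(build_echo(ICMP_ECHO_REPLY, 0x1234, seq, ping_payload))  # reply mirrors request
    for seq in range(1, 4):
        pkts.append(build_echo(ICMP_ECHO_REQUEST, 0xBEEF, seq, pseudo_random(b"up", 1024)))
        pkts.append(build_echo(ICMP_ECHO_REPLY, 0xBEEF, seq, pseudo_random(b"down", 1024)))
    return pkts


if __name__ == "__main__":
    for ident, reasons in tunnel_indicators(sample_traffic()).items():
        print("id=0x%04x: %s" % (ident, ", ".join(reasons) or "looks like a normal ping"))
```

Run stand-alone, the script reports the 0x1234 flow as normal ping and the 0xBEEF flow with all three indicators. The reply-mismatch check is the most robust of the three, because a tunnel server that pads its payload to 56 bytes and sends low-entropy data still has to put something other than the request's bytes in its replies; the size and entropy checks are cheap first-pass filters that can be tuned against the organisation's own ping baseline.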