Skip to content

int0x33/ping-pwn

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 

Repository files navigation

ping-pwn

ICMP shell for Linux — tunnels commands and output through ICMP echo packets.

Requirements

  • Python 3
  • Scapy (pip install scapy)
  • Root / sudo (raw sockets require privileges)

Usage

On the target (server)

sudo python3 ping.py -i eth0

On the attacker (client)

sudo python3 pwn.py eth0 <target_ip>

You get an interactive shell prompt. Type commands as usual — cd, ls, cat /etc/passwd, etc. Type exit to quit.

How it works

  1. The client sends shell commands inside ICMP echo-request payloads.
  2. The server sniffs ICMP, extracts the command, runs it, and sends the output back as ICMP packets.
  3. Large outputs are automatically chunked to stay within MTU limits.
  4. A 4-byte magic header (PPWN) prevents the shell from reacting to normal ping traffic.

Features

  • Python 3 with proper byte handling
  • Interactive prompt with working directory tracking
  • cd support (directory changes persist across commands)
  • Chunked output reassembly for large command results
  • 30-second command timeout
  • Graceful exit handling
  • Configurable network interface via CLI args

Disclaimer

This tool is intended for authorized security testing, CTF challenges, and educational purposes only. Do not use it without explicit permission on systems you do not own.

About

ICMP Shell for Linux using ICMP tunneling

Resources

Stars

6 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages