GCIH · Question #636
Which tool can be used to exfiltrate data from a system that can only reach the remote host using ICMP?
The correct answer is A. Ptunnel. Ptunnel encapsulates TCP traffic inside ICMP echo request and reply packets, enabling data exfiltration through environments that permit only ICMP traffic.
Question
Which tool can be used to exfiltrate data from a system that can only reach the remote host using ICMP?
Options
- APtunnel
- BSCTP
- CNetcat
- DQUICK
How the community answered
(37 responses)- A89% (33)
- B3% (1)
- C3% (1)
- D5% (2)
Why each option
Ptunnel encapsulates TCP traffic inside ICMP echo request and reply packets, enabling data exfiltration through environments that permit only ICMP traffic.
Ptunnel (Ping Tunnel) works by wrapping TCP session data inside ICMP echo packets, allowing an attacker to establish a functional data channel to a remote host even when the only permitted protocol is ICMP. Because the payload is hidden within standard ping traffic, it bypasses firewall rules that block TCP and UDP while still allowing the attacker to exfiltrate data bidirectionally.
SCTP (Stream Control Transmission Protocol) is a transport-layer protocol that operates directly over IP, not ICMP, and has no mechanism for encapsulating traffic inside ping packets.
Netcat establishes connections over TCP or UDP and cannot wrap its traffic inside ICMP packets, making it unusable when only ICMP is permitted.
QUIC is a Google-developed transport protocol built on UDP datagrams, not ICMP, and is not a tunneling or exfiltration utility.
Concept tested: ICMP tunneling for data exfiltration
Source: https://github.com/nicowillis/ptunnel
Topics
Community Discussion
No community discussion yet for this question.