Python3 implementing the ICMP Remote Control back door (upper)

these days have been studying the remote control Trojan some of the communication protocols, such as Tcp,udp,icmp,dns,http, and so on, for the tcp,udp of these two are not explained, because too common.

Everyone may be the use of Icmp,dns Trojan is not very familiar with, in fact, the two protocols in the Trojan communication is very popular, characterized by relatively covert, not easily blocked. The HTTP protocol is primarily used in scenarios where large Web sites are used as C&C servers, such as using Twitter as a c&c server.

This time with the ICMP protocol analysis, and the use of Python to develop an ICMP remote control back door, before writing this article, I feel that everyone is not very understanding of the ICMP protocol, so the implementation of the ICMP backdoor is divided into several to explain, gradual. This article explains the contents of the ICMP protocol and uses Python to implement a simple ping.

Section I. What is the ICMP protocol?

Do not know if you have ping Baidu, used to test their network is not unblocked, as shown.

The ping command is the ICMP protocol, in the process of ping Baidu, we use Wireshark grab the bag, so it is more intuitive. As shown, the ICMP protocol is a typical one-answer mode, the machine sends the ICMP request packet to the Baidu server, if the request packet arrives at the destination successfully, the Baidu server responds to the ICMP response packet.

Section II ICMP protocol and message format

ICMP (Internet Control Message Protocol) is a sub-protocol in the IPV4 protocol family that is used to pass control messages between IP hosts and routers. Control messages are messages on the network itself, whether the host is accessible, whether the route is available, and so on. The ICMP packet is based on the IP protocol and has the following message format:

As shown in the actual transmission of the ICMP protocol packet: 20 byte IP header + 8 bytes ICMP header + 1472 bytes < data size >38 bytes. For the ICMP header subdivided into 8-bit type + 8-bit code + 16-bit checksum + 16-bit identifier + 16-bit serial number, where the type value is as follows, we are concerned with the request (value 8) and the answer (value 0).

The third section Ping implements

In the above we briefly explained the ICMP message format, next we use Python3 according to the message format simple implementation ping function, mainly uses the raw socket technology, namely the original socket, uses the struct pack method to package the ICMP message. The code implementation is as follows:

Initialization of the original socket, using the following code:

Socket.socket (Socket.af_inet,socket. Sock_raw, Socket.getprotobyname (' ICMP '))

The more complex is the calculation of the checksum, the calculation method is as follows:

1. The ICMP header and the entire contents of the data are treated as 16-bit integer sequences (in network byte order).

2. Computes the binary inverse of each integer separately and adds

3. The result is calculated once by binary inverse code.

To test the ping effect

Note Run the Python script with administrator privileges and ping the address of Baidu directly 220.181.112.244

Open the Wireshark grab bag at the same time.

Final complete code

Ping's full code, please follow the public number, see the original text. Remember to recommend yo.

Python3 implementing the ICMP Remote Control back door (upper)