As a penetration tester, the best outcome of any given exploit is to achieve remote code execution. However, there are cases in which we might just want to determine whether a remote code execution vulnerability is exploitable without following through with the entire exploitation and post-exploitation process. One way to do this is to run a script that logs ICMP traffic and then execute a ping command on the remote system. This recipe will demonstrate how to write a custom script for validating remote code execution vulnerabilities with ICMP traffic.
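The logging side of this check, as an added example that is not the recipe's own script: it recognises ICMP echo requests in raw IPv4 packets and prints the sender, so a ping arriving from the system under test is recorded. The function names, the `expected_src` filter and the sample addresses are assumptions made for illustration; the listener needs root on Linux, and the ICMP checksum is not verified.

```python
import socket
import struct

ICMP_ECHO_REQUEST = 8  # ICMP type 8 = echo request (what ping sends)

def parse_echo_request(packet: bytes):
    """Return (src_ip, ident, seq) for an IPv4 ICMP echo request, else None."""
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl + 8:
        return None                      # malformed or truncated packet
    if packet[9] != socket.IPPROTO_ICMP:
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                      # later fragment: carries no ICMP header
    icmp_type, code, _cksum, ident, seq = struct.unpack(
        "!BBHHH", packet[ihl:ihl + 8])
    if icmp_type != ICMP_ECHO_REQUEST or code != 0:
        return None                      # echo replies and ICMP errors are ignored
    return socket.inet_ntoa(packet[12:16]), ident, seq

def listen(expected_src=None):
    """Log echo requests until interrupted; optionally only from expected_src."""
    # On Linux a raw ICMP socket delivers each packet with its IP header.
    sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    while True:
        packet, _addr = sock.recvfrom(65535)
        hit = parse_echo_request(packet)
        if hit and (expected_src is None or hit[0] == expected_src):
            print("echo request from %s id=%d seq=%d" % hit)

def build_sample(src, dst, icmp_type):
    """Constructed test packet: 20-byte IPv4 header plus 8-byte ICMP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64,
                     socket.IPPROTO_ICMP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 0x1234, 1)
    return ip + icmp

if __name__ == "__main__":
    listen()
```

Filtering on the expected source address keeps unrelated pings out of the log, but the address seen by the listener can differ from the target's own address when NAT sits between the two systems.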
To validate vulnerabilities using ICMP traffic logging, you will need a remote system that has an exploitable code execution vulnerability. Additionally, this section will require a script to be written to the filesystem by using a text editor such as VIM or Nano. For more information on writing scripts, refer to the Using text editors (VIM and Nano) recipe in...