This is a neat way to use everyday programs and commands in an unusual role. The PoC discovers open ports on a remote machine when we can send it a blind command (one whose output we never get back) but know nothing about how TCP traffic is controlled in the remote environment, for example whether outbound connections are filtered. The scripts encode the result in the length of the ICMP packets sent by the ping command, which is far more likely to be allowed out than an arbitrary TCP connection. Some simple piping normalizes the sent and captured strings so that the two sides agree on the encoding. In the following case two Linux machines are used.
On the local PC I start a logging process:
On the PC under test, possibly via a blind command injection:
Back on the local PC I collect and normalize the log:
I based this Proof of Concept on the article "Blind Command Line Injection" from PenTest Magazine by Mr. Chris Duffy: thank you.