ICMP tunneling with ptunnel-ng

Anyone have any issues using the ptunnel-ng binary from Release SeLinux update, pcap improvment · utoni/ptunnel-ng · GitHub?

I’m currently on the ‘Pivoting, Tunneling, and Port Forwarding’ module, section ‘ICMP Tunneling with SOCKS’. I’m able to compile the binary per the instructions on my attack host (Kali). I can execute the binary on my attack host. But when I move the folder to the pivot host, it won’t execute there. I tried running the auto.sh script but I keep getting the following error:
++ pwd
+ OLD_WD=/home/ubuntu/ptunnel-ng
++ dirname ./autogen.sh
+ NEW_WD=.
+ cd .
+ autoreconf -fi
./autogen.sh: line 10: autoreconf: command not found
+ aclocal
./autogen.sh: line 11: aclocal: command not found
+ autoheader
./autogen.sh: line 12: autoheader: command not found
+ automake --force-missing --add-missing
./autogen.sh: line 13: automake: command not found
+ autoconf
./autogen.sh: line 14: autoconf: command not found
+ cd /home/ubuntu/ptunnel-ng
+ ./configure
./autogen.sh: line 19: ./configure: No such file or directory

I tried sudo apt install autoconf on the pivot host (HTB instance), but it errors out. I’m assuming there are restrictions in place that prevent updating/changing packages on an HTB host; totally understandable.

How do I get ptunnel-ng to work on the pivot host?

NOTE: I get the following error when trying to run the binary via the repository directory transferred from the attack host:

ubuntu@WEB01:~/ptunnel-ng/src$ ./ptunnel-ng -h
./ptunnel-ng: error while loading shared libraries: libcrypto.so.3: cannot open shared object file: No such file or

You don’t need to install anything; just clone ptunnel-ng to your attack host, then use the command "sudo ./autogen.sh".
Now copy the repo to the pivot host using scp and use it directly.

That’s what I did.

Anyone manage to successfully use ptunnel? Also stuck here. Probably gonna just use another pivot method; this ptunnel is full of fail.

Yes I did. I compiled it on a different Linux distro (Mint) 5.4.0-135-generic x86_64. I think some of the lab boxes aren’t up to date. I had similar issues with tools presented in Active Directory Enumeration & Attacks.

Thanks for the tip. So you loaded a very old version of Linux Mint in order to compile the program? Man, I’m probably going to do Active Directory enumeration next; guess I’ll need to do that.

Pretty much. I’m def a noob, so I bet there’s a better way.

Had the same problem at first when trying to build it from scratch on the Ubuntu server, but instead I built it in Parrot OS and copied the whole folder, including binaries, to the Ubuntu server. No real need to build it on the victim host.

I had the same issue, solved by installing autoreconf:
sudo apt install autoreconf

You have to find an Ubuntu distro with the same version of libc-bin as on the pivot host.

I also got stuck here. I used another method: SSH with a dynamic port, and after that I connected via proxychains and RDP.

As of May 2023, I get the same errors as the OP. Using Kali Linux (updated) on my attack host. Maybe I have to use Parrot OS to do it?

Yeah, I’m not an expert at this by any means, so take it with a grain of salt; I think it’s a GLIBC compatibility issue. Compiling binaries on one version of GLIBC may not work properly on other versions. Basically, I’d check the current version of GLIBC on the attack host with “ldd --version”, then compile the binary on an OS with that version. That’s basically what I did.
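
The libcrypto.so.3 loader error in the first post and the GLIBC mismatch described just above can both be checked before a binary is copied to another host. The script below is an added example, not code from any poster or from the ptunnel-ng project: it compares `readelf -d` and `objdump -T` text for the binary against `ldconfig -p` and `ldd --version` text from the target. The function names and all sample output in it are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. All sample text below is constructed.

# Sonames the binary links against, from `readelf -d BINARY` text on stdin.
needed_libs() { sed -n 's/.*(NEEDED).*\[\(.*\)\]$/\1/p'; }

# Sonames the target's loader knows, from `ldconfig -p` text on stdin.
available_libs() { awk '/=>/ {print $1}'; }

# Highest GLIBC_x.y symbol version referenced, from `objdump -T BINARY` text.
max_glibc() {
  grep -o 'GLIBC_[0-9][0-9.]*' | sed 's/^GLIBC_//' |
    sort -t. -k1,1n -k2,2n -k3,3n | tail -n 1
}

# glibc version of a host, from `ldd --version` text (last field of line 1).
host_glibc() { awk 'NR==1 {print $NF}'; }

# Succeeds when version $1 <= version $2.
version_le() {
  [ "$(printf '%s\n%s\n' "$1" "$2" |
       sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# preflight READELF_D OBJDUMP_T LDCONFIG_P LDD_VERSION -> one line per problem.
preflight() {
  local have need host lib
  have=$(printf '%s\n' "$3" | available_libs)
  for lib in $(printf '%s\n' "$1" | needed_libs); do
    printf '%s\n' "$have" | grep -qxF "$lib" || echo "missing library: $lib"
  done
  need=$(printf '%s\n' "$2" | max_glibc)
  host=$(printf '%s\n' "$4" | host_glibc)
  version_le "$need" "$host" || echo "needs GLIBC_$need, target has $host"
}

# Constructed sample: binary built on a newer distro, target host is older.
BIN_DYN=' 0x0000000000000001 (NEEDED)  Shared library: [libcrypto.so.3]
 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]'
BIN_SYMS='0000000000000000  DF *UND*  0000000000000000 (GLIBC_2.34) __libc_start_main
0000000000000000  DF *UND*  0000000000000000 (GLIBC_2.2.5) socket'
TARGET_LDCONFIG='	libcrypto.so.1.1 (libc6,x86-64) => /lib/x86_64-linux-gnu/libcrypto.so.1.1
	libc.so.6 (libc6,x86-64) => /lib/x86_64-linux-gnu/libc.so.6'
TARGET_LDD='ldd (Ubuntu GLIBC 2.31-0ubuntu9.9) 2.31'

preflight "$BIN_DYN" "$BIN_SYMS" "$TARGET_LDCONFIG" "$TARGET_LDD"
```

With real hosts, replace the four sample strings with the captured output of the corresponding commands; an empty result means neither check found a mismatch.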

I recommend compiling it in a docker image of ‘ubuntu:20.04’.

How did you do “sudo apt install autoreconf” on the pivot machine?

Just use the command line in the right directory. On the server side and the attack host, you must run the ptunnel-ng command line in the /ptunnel-ng/src directory. I was stuck, and just did this, and then there was no error.