Add wireshark sudo file write

Co-authored-by: Andrea Cardaci <cyrus.and@gmail.com>
2025-11-04 02:38:43 +01:00 · 2022-01-27 14:53:26 +01:00
parent 50ab4f0ce0
commit 74e021e8ef
1 changed files with 18 additions and 0 deletions
--- a/_gtfobins/wireshark.md
+++ b/_gtfobins/wireshark.md
@@ -0,0 +1,18 @@
+---
+functions:
+  sudo:
+    - description: |
+        This technique can be used to write arbitrary files, i.e., the dump of one UDP packet.
+
+        After starting Wireshark, and waiting for the capture to begin, deliver the UDP packet, e.g., with `nc` (see below). The capture then stops and the packet dump can be saved:
+
+        1. select the only received packet;
+
+        2. right-click on "Data" from the "Packet Details" pane, and select "Export Packet Bytes...";
+
+        3. choose where to save the packet dump.
+      code: |
+        PORT=4444
+        sudo wireshark -c 1 -i lo -k -f "udp port $PORT" &
+        echo 'DATA' | nc -u 127.127.127.127 "$PORT"
+---