.. / wireshark

command

运行非交互式系统命令来摆脱受限环境。

• This requires GUI interaction. Start Wireshark, then from the main menu, select "Tools" -> "Lua" -> "Evaluate". A window opens that allows to execute lua code.

  wireshark

sudo

如果二进制文件被 sudo 允许以超级用户身份运行，可能被用于访问文件系统、提升或维持特权访问。

• This technique can be used to write arbitrary files, i.e., the dump of one UDP packet. After starting Wireshark, and waiting for the capture to begin, deliver the UDP packet, e.g., with nc (see below). The capture then stops and the packet dump can be saved: 1. select the only received packet; 2. right-click on "Data" from the "Packet Details" pane, and select "Export Packet Bytes..."; 3. choose where to save the packet dump.

  PORT=4444
  sudo wireshark -c 1 -i lo -k -f "udp port $PORT" &
  echo 'DATA' | nc -u 127.127.127.127 "$PORT"