GTFOBins.github.io
GTFOBins.github.io copied to clipboard
GTFOBins
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Fix rsync issue #388 by adding missing -p flag
Currently only the CAP_SETUID capability is supported. I propose we expand the category to support other exploitable capability types, such as CAP_SYS_PTRACE. As long as the capability provides some sort...
Currently all file writes are kept in the single category `File Write`. However not all file writes are equal. Some, such as `cp`, `dd`, and `mv` give you full control...
ref : https://exploit-notes.hdks.org/exploit/linux/privilege-escalation/sudo/sudo-shutdown-poweroff-privilege-escalation/ if user hash sudo shutdown privilege , we can use this command get root shell
Just came across this technique on a Hack the box machine. I guess it would be good to have it as a technique GTFOBins. Some sources: https://book.hacktricks.xyz/linux-hardening/privilege-escalation/interesting-groups-linux-pe/lxd-privilege-escalation
Hello, I added the `code` executable (the non free Microsoft's binary) as it can be used to create a tunnel to a Microsoft's endpoint (`vscode.dev`) and so get a "reverse"...
This PR introduces a HTTP syntax for perl binary. Was missing it one of the recent engagements -- the fact that perl didn't had these tags resulted in missing opportunity...
