GTFOBins.github.io
GTFOBins.github.io copied to clipboard
GTFOBins
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Hi! The section about SUID with only mentoins this option: > ./vim -c ':py import os; os.execl("/bin/sh", "sh", "-pc", "reset; exec sh -p")' This can be added: >./vim -c ':set...
Update psql.md The previous option was not working for me and the new one is working
nano needs -p when used as suid to get a shell: 
Hi! I tried to run the code for the command `find` in file-write but it's not working for me. I guess it's because of a typo in `file.md`
## Summary This PR adds command execution capabilities to the `run-parts` binary. Run-parts is capable of executing shell scripts, which allows for proxied command execution. ``` > root@vm:/home/ruben_groenewoud# printf '#!/bin/sh\n/bin/sh...
## Summary This PR adds a new GTFOBin, `systemd-run`, which is available by-default on most distributions that leverage Systemd. It allows for spawning shells, escaping jails, uploading/downloading files, root backdoors,...
BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it supports compression and authenticated encryption. The techniques shown in this PR leverages Borg's `--rsh` argument. When set, the argument's value...
This technique uses `dhclient`'s script file option `-sf` to execute arbitrary commands with `sudo`. `dhclient` is a tool for DHCP and present on many linux systems. Reference: https://linux.die.net/man/8/dhclient
