GTFOBins
GTFOBins is a curated collection of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems. It documents legitimate program functions that may be abused for tasks such as escaping restricted shells, escalating privileges, or transferring files. The project is maintained by Emilio Pinna, Andrea Cardaci, and community contributors, and emphasizes 'living off the land' rather than exploiting vulnerabilities.
- ▪GTFOBins lists legitimate Unix-like executables that can be abused to bypass security restrictions.
- ▪The executables listed are not inherently vulnerable but can be misused in poorly configured environments.
- ▪The project supports post-exploitation activities like privilege escalation, file transfer, and shell spawning.
- ▪GTFOBins is a community-driven effort and includes a JSON API for integration and automation.
- ▪A similar project, LOLBAS, exists for Windows binaries with comparable objectives.
Opening excerpt (first ~120 words) tap to expand
.github-corner:hover .octo-arm{animation:octocat-wave 560ms ease-in-out}@keyframes octocat-wave{0%,100%{transform:rotate(0)}20%,60%{transform:rotate(-25deg)}40%,80%{transform:rotate(10deg)}}@media (max-width:500px){.github-corner:hover .octo-arm{animation:none}.github-corner .octo-arm{animation:octocat-wave 560ms ease-in-out}} GTFOBins Sponsor Fork Star Sponsor Fork Star GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems. The project collects legitimate functions of Unix-like executables that can be abused to get the f**k break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate other post-exploitation tasks.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Gtfobins.
Discussion
0 commentsMore from Gtfobins
