
Comments (4)

cyrus-and commented on May 20, 2024

Hey! That's expected of course: none of the commands listed here will allow you to escalate your privileges in an unintended way, meaning that they're not exploits; that's just how they work, and there's nothing to fix from the vendor perspective. The goal of GTFOBins is to collect some ways a binary/script can be used to perform some action.

Now, cat is a bit of a stretch here, because yeah, cat reads files, right? But it has been added for completeness, and as you can imagine it makes little sense if you just run it from a shell.

(As a side note, we often use the term "restricted shell" in a broad way, but restricted shells, though, are a particular feature that some shells have; think of it as a very loose jailed environment. Some of the techniques listed here allow you to bypass it, but it's quite trivial and not the whole point. See RESTRICTED SHELL in man bash.)

Take for example a scenario in which you have some limited form of command execution via, say, a vulnerable PHP web application, where you only have some commands available, you want to read some file, so you query GTFOBins and you obtain a list of binaries, cat is one of them. So you can use it to reach your goal. Again, the fact that cat reads files is not big news, but still, it's something that GTFOBins should return as an answer to that query.

I hope this makes sense, feel free to ask otherwise. :)

from gtfobins.github.io.
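The restricted-shell behaviour referred to in the comment above, as an added example that is not part of the original thread: it probes which actions `bash -r` refuses and shows that a PATH-resolved `cat` still reads a file by absolute path, which is why a restricted shell alone is not a file-access control. The helper names `rbash_allows` and `report` and the sample file are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: probe what bash's restricted mode (bash -r) blocks
# and what it leaves open. Helper names are hypothetical.

# Run one command line inside a restricted bash.
# Exit status 0 means the restricted shell permitted it.
rbash_allows() {
    bash -r -c "$1" >/dev/null 2>&1
}

# Print a one-line verdict for a command line.
report() {
    if rbash_allows "$1"; then
        printf 'allowed  %s\n' "$1"
    else
        printf 'blocked  %s\n' "$1"
    fi
}

# Constructed sample file, created outside the current directory.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
echo 'constructed sample content' > "$sample"

report 'cd /'                 # changing directory is refused
report 'PATH=/usr/bin'        # PATH is read-only in restricted mode
report '/bin/cat /dev/null'   # command names containing a slash are refused
report 'echo x > /dev/null'   # output redirection is refused
report "cat $sample"          # PATH-resolved binary, absolute path as argument
```

To confine what such binaries can read, pair the restricted shell with a PATH that contains only vetted commands and with file permissions or a real sandbox (chroot, container, mandatory access control).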

cho-uc commented on May 20, 2024

Hello,

Many thanks for your answer! 👍🏽
I read up about RESTRICTED SHELL and it makes everything clear now.

Another question:
If you put in cat in the list, is there a reason why you didn't put ls as well?
Using ls can also list up all directories and files outside of the restricted dir.


cyrus-and commented on May 20, 2024

> If you put in cat in the list, is there a reason why you didn't put ls as well?
> Using ls can also list up all directories and files outside of the restricted dir.

Yeah, as you can imagine the list of functions supported by GTFOBins is only a small subset of all the possible functions that are actually useful in a pentest/hacking context, and the definition is often quite blurry, it would be realistically impossible to map precisely all the functions provided by those binaries.

Also, you might have noticed that there's no file copy, and for the same reason; in those cases we usually just use file write. And same goes to a certain extent with ls: file list would probably be too much, I guess that could be reduced to a file read.

The list of functions is not fixed, though, but we're quite conservative about it.


cho-uc commented on May 20, 2024

Ok, it's clear now.
Many thanks! 😁
