GTFOBins

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

The project collects legitimate functions of Unix binaries that can be abused to ~~get the f**k~~ break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks.

It is important to note that this is not a list of exploits, and the programs listed here are not vulnerable per se, rather, GTFOBins is a compendium about how to live off the land when you only have certain binaries available.

Binary	Functions
ansible-playbook	Shell Sudo
apt-get	Shell Sudo
apt	Shell Sudo
ar	File read SUID Sudo
aria2c	Command Sudo Limited SUID
arj	File write File read SUID Sudo
arp	File read SUID Sudo
ash	Shell File write SUID Sudo
at	Shell Command Sudo
atobm	File read SUID Sudo
awk	Shell Non-interactive reverse shell Non-interactive bind shell File write File read SUID Sudo Limited SUID
base32	File read SUID Sudo
base64	File read SUID Sudo
basenc	File read SUID Sudo
bash	Shell Reverse shell File upload File download File write File read Library load SUID Sudo
bpftrace	Sudo
bridge	File read SUID Sudo
bundler	Shell Sudo
busctl	Shell Sudo
busybox	Shell File upload File write File read SUID Sudo
byebug	Shell Sudo Limited SUID
c89	Shell File write File read Sudo
c99	Shell File write File read Sudo
cancel	File upload
capsh	Shell SUID Sudo
cat	File read SUID Sudo
certbot	Shell Sudo
check_by_ssh	Shell Sudo
check_cups	File read Sudo
check_log	File write File read Sudo
check_memory	File read Sudo
check_raid	File read Sudo
check_ssl_cert	Command Sudo
check_statusfile	File read Sudo
chmod	SUID Sudo
chown	SUID Sudo
chroot	SUID Sudo
cmp	File read SUID Sudo
cobc	Shell Sudo
column	File read SUID Sudo
comm	File read SUID Sudo
composer	Shell Sudo Limited SUID
cowsay	Shell Sudo
cowthink	Shell Sudo
cp	File write File read SUID Sudo
cpan	Shell Reverse shell File upload File download Sudo
cpio	Shell File write File read SUID Sudo
cpulimit	Shell SUID Sudo
crash	Shell Command Sudo
crontab	Command Sudo
csh	Shell File write SUID Sudo
csplit	File write File read SUID Sudo
csvtool	Shell File write File read SUID Sudo
cupsfilter	File read SUID Sudo
curl	File upload File download File write File read SUID Sudo
cut	File read SUID Sudo
dash	Shell File write SUID Sudo
date	File read SUID Sudo
dd	File write File read SUID Sudo
dialog	File read SUID Sudo
diff	File read SUID Sudo
dig	File read SUID Sudo
dmesg	Shell File read Sudo
dmidecode	Sudo
dmsetup	SUID Sudo
dnf	Sudo
docker	Shell File write File read SUID Sudo
dpkg	Shell Sudo
dvips	Shell Sudo Limited SUID
easy_install	Shell Reverse shell File upload File download File write File read Library load Sudo
eb	Shell Sudo
ed	Shell File write File read SUID Sudo Limited SUID
emacs	Shell File write File read SUID Sudo
env	Shell SUID Sudo
eqn	File read SUID Sudo
ex	Shell File write File read Sudo
exiftool	File write File read Sudo
expand	File read SUID Sudo
expect	Shell File read SUID Sudo
facter	Shell Sudo
file	File read SUID Sudo
find	Shell SUID Sudo
finger	File upload File download
flock	Shell SUID Sudo
fmt	File read SUID Sudo
fold	File read SUID Sudo
ftp	Shell File upload File download Sudo
gawk	Shell Non-interactive reverse shell Non-interactive bind shell File write File read SUID Sudo Limited SUID
gcc	Shell File write File read Sudo
gdb	Shell Reverse shell File upload File download File write File read Library load SUID Sudo Capabilities
gem	Shell Sudo
genisoimage	File read Sudo
ghc	Shell Sudo
ghci	Shell Sudo
gimp	Shell Reverse shell File upload File download File write File read Library load SUID Sudo
git	Shell File read Sudo Limited SUID
grep	File read SUID Sudo
gtester	Shell File write SUID Sudo
gzip	File read SUID Sudo
hd	File read SUID Sudo
head	File read SUID Sudo
hexdump	File read SUID Sudo
highlight	File read SUID Sudo
hping3	Shell SUID Sudo
iconv	File write File read SUID Sudo
iftop	Shell Sudo Limited SUID
install	SUID Sudo
ionice	Shell SUID Sudo
ip	File read SUID Sudo
irb	Shell Reverse shell File upload File download File write File read Library load Sudo
jjs	Shell Reverse shell File download File write File read SUID Sudo
join	File read SUID Sudo
journalctl	Shell Sudo
jq	File read SUID Sudo
jrunscript	Shell Reverse shell File download File write File read SUID Sudo
knife	Shell Sudo
ksh	Shell Reverse shell File upload File download File write File read SUID Sudo
ksshell	File read SUID Sudo
latex	Shell File read Sudo Limited SUID
ld.so	Shell SUID Sudo
ldconfig	Sudo Limited SUID
less	Shell File write File read SUID Sudo
ln	Sudo
loginctl	Shell Sudo
logsave	Shell SUID Sudo
look	File read SUID Sudo
ltrace	Shell File write File read Sudo
lua	Shell Non-interactive reverse shell Non-interactive bind shell File upload File download File write File read SUID Sudo Limited SUID
lualatex	Shell Sudo Limited SUID
luatex	Shell Sudo Limited SUID
lwp-download	File download File write File read Sudo
lwp-request	File read Sudo
mail	Shell Sudo
make	Shell File write SUID Sudo
man	Shell File read Sudo
mawk	Shell File write File read SUID Sudo Limited SUID
more	Shell File read SUID Sudo
mount	Sudo
msgattrib	File read SUID Sudo
msgcat	File read SUID Sudo
msgconv	File read SUID Sudo
msgfilter	Shell File read SUID Sudo
msgmerge	File read SUID Sudo
msguniq	File read SUID Sudo
mtr	File read Sudo
mv	SUID Sudo
mysql	Shell Library load Sudo Limited SUID
nano	Shell File write File read Sudo Limited SUID
nawk	Shell Non-interactive reverse shell Non-interactive bind shell File write File read SUID Sudo Limited SUID
nc	Reverse shell Bind shell File upload File download Sudo Limited SUID
nice	Shell SUID Sudo
nl	File read SUID Sudo
nmap	Shell Non-interactive reverse shell Non-interactive bind shell File upload File download File write File read SUID Sudo Limited SUID
node	Shell Reverse shell Bind shell File upload File download File write File read SUID Sudo Capabilities
nohup	Shell Command SUID Sudo
npm	Shell Sudo
nroff	Shell File read Sudo
nsenter	Shell Sudo
octave	Shell File write File read Sudo Limited SUID
od	File read SUID Sudo
openssl	Reverse shell File upload File download File write File read Library load SUID Sudo
openvpn	Shell File read SUID Sudo
openvt	Sudo
paste	File read SUID Sudo
pdb	Shell Sudo
pdflatex	Shell File read Sudo Limited SUID
pdftex	Shell Sudo Limited SUID
perl	Shell Reverse shell File read SUID Sudo Capabilities
pg	Shell File read SUID Sudo
php	Shell Command Reverse shell File upload File download File write File read SUID Sudo Capabilities
pic	Shell File read Sudo Limited SUID
pico	Shell File write File read Sudo Limited SUID
pip	Shell Reverse shell File upload File download File write File read Library load Sudo
pkexec	Sudo
pkg	Sudo
pr	File read SUID Sudo
pry	Shell Sudo Limited SUID
psql	Shell Sudo
puppet	Shell File write File read Sudo
python	Shell Reverse shell File upload File download File write File read Library load SUID Sudo Capabilities
rake	Shell File read Sudo Limited SUID
readelf	File read SUID Sudo
red	File write File read Sudo
redcarpet	File read Sudo
restic	File upload SUID Sudo
rev	File read SUID Sudo
rlogin	File upload
rlwrap	Shell File write SUID Sudo
rpm	Shell Sudo Limited SUID
rpmquery	Shell Sudo Limited SUID
rsync	Shell SUID Sudo
ruby	Shell Reverse shell File upload File download File write File read Library load Sudo Capabilities
run-mailcap	Shell File write File read Sudo
run-parts	Shell SUID Sudo
rview	Shell Reverse shell Non-interactive reverse shell Non-interactive bind shell File upload File download File write File read Library load SUID Sudo Capabilities Limited SUID
rvim	Shell Reverse shell Non-interactive reverse shell Non-interactive bind shell File upload File download File write File read Library load SUID Sudo Capabilities Limited SUID
scp	Shell File upload File download Sudo Limited SUID
screen	Shell File write Sudo
script	Shell File write Sudo
sed	Shell Command File write File read SUID Sudo
service	Shell Sudo
setarch	Shell SUID Sudo
sftp	Shell File upload File download Sudo
sg	Shell Sudo
shuf	File write File read SUID Sudo
slsh	Shell Sudo Limited SUID
smbclient	Shell File upload File download Sudo
snap	Sudo
socat	Shell Reverse shell Bind shell File upload File download Sudo Limited SUID
soelim	File read SUID Sudo
sort	File read SUID Sudo
split	Shell Command File write File read Sudo
sqlite3	Shell File write File read SUID Sudo Limited SUID
ss	File read SUID Sudo
ssh-keygen	Library load SUID Sudo
ssh-keyscan	File read SUID Sudo
ssh	Shell File upload File download File read Sudo
start-stop-daemon	Shell SUID Sudo
stdbuf	Shell SUID Sudo
strace	Shell File write SUID Sudo
strings	File read SUID Sudo
su	Sudo
sysctl	File read SUID Sudo
systemctl	SUID Sudo
tac	File read SUID Sudo
tail	File read SUID Sudo
tar	Shell File upload File download File write File read Sudo Limited SUID
taskset	Shell SUID Sudo
tbl	File read SUID Sudo
tclsh	Shell Non-interactive reverse shell SUID Sudo
tcpdump	Command Sudo
tee	File write SUID Sudo
telnet	Shell Reverse shell Sudo Limited SUID
tex	Shell Sudo Limited SUID
tftp	File upload File download SUID Sudo
time	Shell SUID Sudo
timedatectl	Shell Sudo
timeout	Shell SUID Sudo
tmux	Shell File read Sudo
top	Shell Sudo
troff	File read SUID Sudo
tshark	Shell
ul	File read SUID Sudo
unexpand	File read SUID Sudo
uniq	File read SUID Sudo
unshare	Shell SUID Sudo
update-alternatives	SUID Sudo
uudecode	File read SUID Sudo
uuencode	File read SUID Sudo
valgrind	Shell Sudo
vi	Shell File write File read Sudo
view	Shell Reverse shell Non-interactive reverse shell Non-interactive bind shell File upload File download File write File read Library load SUID Sudo Capabilities Limited SUID
vigr	SUID Sudo
vim	Shell Reverse shell Non-interactive reverse shell Non-interactive bind shell File upload File download File write File read Library load SUID Sudo Capabilities Limited SUID
vimdiff	Shell Reverse shell Non-interactive reverse shell Non-interactive bind shell File upload File download File write File read Library load SUID Sudo Capabilities Limited SUID
vipw	SUID Sudo
virsh	File write File read Sudo
watch	Shell SUID Sudo Limited SUID
wc	File read SUID Sudo
wget	File upload File download File write File read SUID Sudo
whois	File upload File download
wish	Shell Non-interactive reverse shell Sudo
xargs	Shell File read SUID Sudo
xelatex	Shell File read Sudo Limited SUID
xetex	Shell Sudo Limited SUID
xmodmap	File read SUID Sudo
xmore	File read SUID Sudo
xxd	File write File read SUID Sudo
xz	File read SUID Sudo
yarn	Shell Sudo
yelp	File read
yum	File download Sudo
zip	Shell File read Sudo Limited SUID
zsh	Shell File write File read SUID Sudo
zsoelim	File read SUID Sudo
zypper	Shell Sudo
No binary matches...

GTFOBins Star

GTFOBins
Star