In our previous blog post, we explored how to use the getcap command in Linux to identify binaries with dangerous capabilities that could potentially be exploited for privilege escalation. In this follow-up post, we will delve into leveraging the power of GTFOBins (Get The F**k Out Binary) to escalate privileges using these identified binaries. GTFOBins provides a curated list of Unix binaries and their abuse potential, opening up avenues for privesc. Let’s dive in!
GTFOBins is a community-driven project that aims to collect Unix binaries that can be abused for privilege escalation. Each entry in the GTFOBins database provides detailed information about a specific binary, including its functionality, potential vulnerabilities, and instructions on how to exploit it to gain escalated privileges. The database serves as a valuable resource for security researchers and system administrators.
Step 1: Identifying Binaries with Dangerous Capabilities⌗
Before we can leverage GTFOBins, we need to identify binaries on our system that possess dangerous capabilities using the getcap command. Refer to our previous blog post “Exploring Linux Privilege Escalation: Unveiling Exploitable Binaries with getcap” for detailed instructions on how to perform this step.
Step 2: Exploring GTFOBins Database⌗
Visit the GTFOBins website (https://gtfobins.github.io/) and navigate to the desired binary that you have identified in Step 1. For example, let’s consider the binary /usr/bin/ping with the SUID bit set.
Step 3: Understanding the Exploit⌗
On the GTFOBins page for the chosen binary, carefully read the description, potential vulnerabilities, and instructions provided. Understand how the binary can be exploited to gain elevated privileges. The instructions often involve leveraging certain command-line arguments, environment variables, or specific sequences of actions.
Step 4: Applying the Exploit⌗
Once you understand the exploitation technique, apply it on your system. Use the provided instructions from GTFOBins, adapting them to your specific scenario. Exercise caution and ensure that you have appropriate permissions and authorisation to perform the exploit.
Step 5: Verifying the Privilege Escalation⌗
After applying the exploit, verify whether the privilege escalation was successful. Check if you now have elevated privileges or expanded access to restricted resources. This step is crucial to confirm the effectiveness of the exploit and ensure that the security vulnerability is properly addressed.
GTFOBins offers a comprehensive database of Unix binaries that can be abused for privilege escalation. By combining the knowledge gained from utilising getcap to identify binaries with dangerous capabilities and GTFOBins to understand the exploitation techniques, you can enhance your understanding of privesc vulnerabilities and strengthen the security of your Linux systems.
Remember, it is essential to conduct security testing and exploration responsibly and with proper authorisation. Always ensure that you are working on systems that you have the explicit permission to test or analyse.
In the next blog post, we will continue exploring additional tools and techniques for privilege escalation in Linux systems.