GTFOBins.github.io/_data/functions.yml

exec-interactive:
  label: Interactive
  description: It executes interactive commands that may be exploited to break out from restricted shells.

exec-non-interactive:
  label: Non-interactive
  description: It executes non-interactive commands that may be exploited to break out from restricted shells.

suid-enabled:
  label: SUID
  description: It runs with the SUID bit set and may be exploited to escalate or maintain the privileges working as a SUID backdoor. (Note that passing the `-p` option to the shell may be useless or even wrong for certain distributions like Debian that run in privileged mode by default.)

suid-limited:
  label: Limited SUID
  description: It runs with the SUID bit set and may be exploited to escalate or maintain the privileges working as a SUID backdoor. This works if the default system shell doesn't drop the SUID privileges, which is usually only valid for Debian Linux systems.

sudo-enabled:
  label: Sudo
  description: It runs in privileged context and may be used to escalate or maintain privileges if enabled on `sudo`.

download:
  label: Download
  description: It can download remote files.

upload:
  label: Upload
  description: It can exfiltrate files on the network.

bind-shell:
  label: Bind shell
  description: It can bind a shell to a local port to allow remote network access.

reverse-shell:
  label: Reverse shell
  description: It can send back a reverse shell to a listening attacker to open a remote network access.

load-library:
  label: Library load
  description: It loads shared libraries that may be used to run code in the binary execution context.

bind-shell-non-interactive:
  label: Non-interactive bind shell
  description: It can bind a non-interactive shell to a local port to allow remote network access.

reverse-shell-non-interactive:
  label: Non-interactive reverse shell
  description: It can send back a non-interactive reverse shell to a listening attacker to open a remote network access.
First commit 2018-05-21 21:14:41 +02:00			`exec-interactive:`
			`label: Interactive`
			`description: It executes interactive commands that may be exploited to break out from restricted shells.`

			`exec-non-interactive:`
			`label: Non-interactive`
			`description: It executes non-interactive commands that may be exploited to break out from restricted shells.`

			`suid-enabled:`
			`label: SUID`
Rephrase the suid-enabled description about the -p option 2018-05-25 01:07:18 +02:00			description: It runs with the SUID bit set and may be exploited to escalate or maintain the privileges working as a SUID backdoor. (Note that passing the `-p` option to the shell may be useless or even wrong for certain distributions like Debian that run in privileged mode by default.)
First commit 2018-05-21 21:14:41 +02:00
			`suid-limited:`
			`label: Limited SUID`
Remove the -p option from suid-limited It is useless because: - if Debian-like, it is not supported and does not drop anyway; - otherwise the `system()`-like function already used a shell that dropped the privileges. 2018-05-25 00:57:42 +02:00			`description: It runs with the SUID bit set and may be exploited to escalate or maintain the privileges working as a SUID backdoor. This works if the default system shell doesn't drop the SUID privileges, which is usually only valid for Debian Linux systems.`
First commit 2018-05-21 21:14:41 +02:00
			`sudo-enabled:`
			`label: Sudo`
Slight rephrase 2018-05-22 22:31:37 +02:00			description: It runs in privileged context and may be used to escalate or maintain privileges if enabled on `sudo`.
First commit 2018-05-21 21:14:41 +02:00
			`download:`
			`label: Download`
			`description: It can download remote files.`

			`upload:`
			`label: Upload`
			`description: It can exfiltrate files on the network.`

			`bind-shell:`
			`label: Bind shell`
			`description: It can bind a shell to a local port to allow remote network access.`

			`reverse-shell:`
			`label: Reverse shell`
			`description: It can send back a reverse shell to a listening attacker to open a remote network access.`

			`load-library:`
			`label: Library load`
			`description: It loads shared libraries that may be used to run code in the binary execution context.`
Introduce non-interactive reverse and bind shells 2018-05-23 09:06:50 +02:00
			`bind-shell-non-interactive:`
			`label: Non-interactive bind shell`
			`description: It can bind a non-interactive shell to a local port to allow remote network access.`

			`reverse-shell-non-interactive:`
			`label: Non-interactive reverse shell`
			`description: It can send back a non-interactive reverse shell to a listening attacker to open a remote network access.`