GTFOBins.github.io/_data/functions.yml

---
# this is the rendering order of functions

shell:
  label: Shell
  description: |
    It can be used to break out from restricted environments by spawning an 
    interactive system shell.

command:
  label: Command
  description: |
    It can be used to break out from restricted environments by running 
    non-interactive system commands.

reverse-shell:
  label: Reverse shell
  description: |
    It can send back a reverse shell to a listening attacker to open a remote
    network access.

reverse-non-interactive-shell:
  label: Reverse non-interactive shell
  description: |
    It can send back a non-interactive reverse shell to a listening attacker to
    open a remote network access.

bind-shell:
  label: Bind shell
  description: |
    It can bind a shell to a local port to allow remote network access.

bind-non-interactive-shell:
  label: Bind non-interactive shell
  description: |
    It can bind a non-interactive shell to a local port to allow remote network
    access.

file-upload:
  label: File upload
  description: |
    It can exfiltrate files on the network.

file-download:
  label: File download
  description: |
    It can download remote files.

file-write:
  label: File write
  description: |
    It writes data to files, it may be used to do privileged writes or write
    files outside a restricted file system.

file-read:
  label: File read
  description: |
    It reads data from files, it may be used to do privileged reads or disclose
    files outside a restricted file system.

library-load:
  label: Library load
  description: |
    It loads shared libraries that may be used to run code in the binary
    execution context.

suid:
  label: SUID
  description: |
    It runs with the SUID bit set and may be exploited to access the file
    system, escalate or maintain access with elevated privileges working as a
    SUID backdoor. If it is used to run `sh -p`, omit the `-p` argument on systems
    like Debian that allow the default `sh` shell to run with SUID privileges.

sudo:
  label: Sudo
  description: |
    It runs in privileged context and may be used to access the file system,
    escalate or maintain access with elevated privileges if enabled on `sudo`.

capabilities:
  label: Capabilities
  description: |
    It can manipulate its process UID and can be used on Linux as a backdoor to maintain
    elevated privileges with the `CAP_SETUID` capability set. This also works when executed
    by another binary with the capability set.

limited-suid:
  label: Limited SUID
  description: |
    It runs with the SUID bit set and may be exploited to access the file
    system, escalate or maintain access with elevated privileges working as a
    SUID backdoor. If it is used to run commands it only works on systems
    like Debian that allow the default `sh` shell to run with SUID privileges.
Fix YAMLs according to YAMLlint 2018-07-16 13:01:50 +00:00			`---`
Render functions in proper order despite the YAML order 2018-09-15 11:17:56 +00:00			`# this is the rendering order of functions`

New function yaml 2018-10-05 17:29:52 +00:00			`shell:`
			`label: Shell`
Fix YAML literal blocks 2018-06-01 10:40:05 +00:00			`description: \|`
New function yaml 2018-10-05 17:29:52 +00:00			`It can be used to break out from restricted environments by spawning an`
			`interactive system shell.`
First commit 2018-05-21 19:14:41 +00:00
New function yaml 2018-10-05 17:29:52 +00:00			`command:`
			`label: Command`
Fix YAML literal blocks 2018-06-01 10:40:05 +00:00			`description: \|`
New function yaml 2018-10-05 17:29:52 +00:00			`It can be used to break out from restricted environments by running`
			`non-interactive system commands.`
First commit 2018-05-21 19:14:41 +00:00
New function yaml 2018-10-05 17:29:52 +00:00			`reverse-shell:`
			`label: Reverse shell`
Fix YAML literal blocks 2018-06-01 10:40:05 +00:00			`description: \|`
Order functions 2018-08-24 12:46:43 +00:00			`It can send back a reverse shell to a listening attacker to open a remote`
			`network access.`
First commit 2018-05-21 19:14:41 +00:00
New function yaml 2018-10-05 17:29:52 +00:00			`reverse-non-interactive-shell:`
			`label: Reverse non-interactive shell`
Fix YAML literal blocks 2018-06-01 10:40:05 +00:00			`description: \|`
Order functions 2018-08-24 12:46:43 +00:00			`It can send back a non-interactive reverse shell to a listening attacker to`
			`open a remote network access.`
First commit 2018-05-21 19:14:41 +00:00
New function yaml 2018-10-05 17:29:52 +00:00			`bind-shell:`
			`label: Bind shell`
Fix YAML literal blocks 2018-06-01 10:40:05 +00:00			`description: \|`
Order functions 2018-08-24 12:46:43 +00:00			`It can bind a shell to a local port to allow remote network access.`
First commit 2018-05-21 19:14:41 +00:00
New function yaml 2018-10-05 17:29:52 +00:00			`bind-non-interactive-shell:`
			`label: Bind non-interactive shell`
Fix YAML literal blocks 2018-06-01 10:40:05 +00:00			`description: \|`
Order functions 2018-08-24 12:46:43 +00:00			`It can bind a non-interactive shell to a local port to allow remote network`
			`access.`
First commit 2018-05-21 19:14:41 +00:00
New function yaml 2018-10-05 17:29:52 +00:00			`file-upload:`
			`label: File upload`
Fix YAML literal blocks 2018-06-01 10:40:05 +00:00			`description: \|`
			`It can exfiltrate files on the network.`
First commit 2018-05-21 19:14:41 +00:00
New function yaml 2018-10-05 17:29:52 +00:00			`file-download:`
			`label: File download`
Fix YAML literal blocks 2018-06-01 10:40:05 +00:00			`description: \|`
Order functions 2018-08-24 12:46:43 +00:00			`It can download remote files.`
First commit 2018-05-21 19:14:41 +00:00
Order functions 2018-08-24 12:46:43 +00:00			`file-write:`
			`label: File write`
Fix YAML literal blocks 2018-06-01 10:40:05 +00:00			`description: \|`
Order functions 2018-08-24 12:46:43 +00:00			`It writes data to files, it may be used to do privileged writes or write`
			`files outside a restricted file system.`
Introduce non-interactive reverse and bind shells 2018-05-23 07:06:50 +00:00
Order functions 2018-08-24 12:46:43 +00:00			`file-read:`
			`label: File read`
Fix YAML literal blocks 2018-06-01 10:40:05 +00:00			`description: \|`
Order functions 2018-08-24 12:46:43 +00:00			`It reads data from files, it may be used to do privileged reads or disclose`
			`files outside a restricted file system.`
Reorganize function names 2018-05-25 13:30:02 +00:00
New function yaml 2018-10-05 17:29:52 +00:00			`library-load:`
Reorganize function names 2018-05-25 13:30:02 +00:00			`label: Library load`
Fix YAML literal blocks 2018-06-01 10:40:05 +00:00			`description: \|`
			`It loads shared libraries that may be used to run code in the binary`
			`execution context.`
Add read and write functions 2018-05-28 17:08:53 +00:00
New function yaml 2018-10-05 17:29:52 +00:00			`suid:`
Order functions 2018-08-24 12:46:43 +00:00			`label: SUID`
Fix YAML literal blocks 2018-06-01 10:40:05 +00:00			`description: \|`
Order functions 2018-08-24 12:46:43 +00:00			`It runs with the SUID bit set and may be exploited to access the file`
			`system, escalate or maintain access with elevated privileges working as a`
Rephrase sudo functions 2018-08-24 13:34:09 +00:00			SUID backdoor. If it is used to run `sh -p`, omit the `-p` argument on systems
			like Debian that allow the default `sh` shell to run with SUID privileges.
Fix trailing spaces 2018-05-28 17:55:44 +00:00
New function yaml 2018-10-05 17:29:52 +00:00			`sudo:`
Order functions 2018-08-24 12:46:43 +00:00			`label: Sudo`
Fix YAML literal blocks 2018-06-01 10:40:05 +00:00			`description: \|`
Order functions 2018-08-24 12:46:43 +00:00			`It runs in privileged context and may be used to access the file system,`
			escalate or maintain access with elevated privileges if enabled on `sudo`.

New function yaml 2018-10-05 17:29:52 +00:00			`capabilities:`
Reorder functions 2018-09-12 20:56:42 +00:00			`label: Capabilities`
			`description: \|`
Rephrase capabilities 2018-09-16 09:02:55 +00:00			`It can manipulate its process UID and can be used on Linux as a backdoor to maintain`
			elevated privileges with the `CAP_SETUID` capability set. This also works when executed
Rephrase capabilities 2018-09-16 09:02:33 +00:00			`by another binary with the capability set.`
Reorder functions 2018-09-12 20:56:42 +00:00
New function yaml 2018-10-05 17:29:52 +00:00			`limited-suid:`
Order functions 2018-08-24 12:46:43 +00:00			`label: Limited SUID`
			`description: \|`
			`It runs with the SUID bit set and may be exploited to access the file`
			`system, escalate or maintain access with elevated privileges working as a`
Rephrase sudo functions 2018-08-24 13:34:09 +00:00			`SUID backdoor. If it is used to run commands it only works on systems`
			like Debian that allow the default `sh` shell to run with SUID privileges.