GTFOBins catalogs 200+ Unix binaries – from awk and curl to systemctl and docker – each tagged with the capabilities that can be abused to escape restricted environments or escalate privileges on misconfigured systems.
Key Takeaways
The full list covers capabilities including shell spawn, file read/write, reverse shell, bind shell, privilege escalation, library load, and upload/download for each listed binary.
Privilege escalation entries include everyday tools: chmod, chown, cp, install, ln, mount, mv, passwd, setcap, and setfacl.
Infrastructure and runtime tools frequently granted broad sudo in dev environments – docker, kubectl, npm, pip, cargo, ansible-playbook – all appear with shell or inherit capabilities.
Common data tools like base64, base32, curl, openssl, and python carry file read/write and upload/download vectors, not just shell spawns.
Reverse and bind shell paths exist for gawk, ncat, node, socat, nmap, ruby, perl, and python, covering most languages likely present on a target system.
Hacker News Comment Review
Initial confusion in comments centered on the threat model: GTFOBins is not about bypassing file permissions you lack; it targets binaries misconfigured with SUID bits or overly broad sudo grants.
The practical scenarios are narrow but real: a restricted shell that permits a handful of binaries, or a sysadmin who granted sudo restic or sudo find without realizing those binaries can spawn a root shell.
Commenters with pentesting and CTF backgrounds confirmed heavy real-world use on platforms like HackTheBox; the resource predates AI coding assistants and remains the authoritative offline reference for Linux privilege escalation enumeration.
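The sudo scenario described above can be checked from the defender's side. The following is an added example, not code from GTFOBins or the thread: it scans sudoers text for rules that grant a binary named on this page. The sample sudoers content, the user names and the `audit` function are constructed for illustration, and the name list covers only binaries mentioned here, not the full catalog.

```python
import re

# Binary names taken from this page's lists; not the full GTFOBins catalog.
LISTED = set("""awk gawk curl openssl python perl ruby node socat ncat nmap
systemctl docker kubectl npm pip cargo ansible-playbook find restic chmod chown
cp install ln mount mv passwd setcap setfacl base64 base32""".split())

# Constructed sample sudoers content (not from a real host).
SAMPLE = """\
# backup and dev grants
Defaults secure_path=/usr/sbin:/usr/bin
backup ALL=(root) NOPASSWD: /usr/bin/restic
dev    ALL=(ALL) /usr/bin/docker, /usr/bin/systemctl restart app, \\
       /usr/bin/uptime
%ops   ALL=(ALL:ALL) ALL
"""

SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
RULE = re.compile(r"(\S+)\s+\S+?\s*=\s*(?:\([^)]*\)\s*)?(.*)")
TAGS = re.compile(r"^(?:(?:NOPASSWD|PASSWD|SETENV|NOEXEC):\s*)+")

def audit(text, listed=LISTED):
    """Return (principal, command, reason) for sudo rules exposing a listed binary."""
    findings = []
    joined = re.sub(r"\\\n\s*", " ", text)  # join backslash continuations
    for line in map(str.strip, joined.splitlines()):
        if not line or line.startswith("#") or line.startswith(SKIP):
            continue
        m = RULE.match(line)
        if not m:
            continue
        who, cmds = m.groups()
        for cmd in cmds.split(","):
            cmd = TAGS.sub("", cmd.strip()).strip()
            if not cmd:
                continue
            if cmd == "ALL":
                findings.append((who, cmd, "all commands"))
                continue
            parts = cmd.split()
            if parts[0].rsplit("/", 1)[-1] in listed:
                # sudoers: a command listed without arguments allows any arguments
                scope = "any arguments" if len(parts) == 1 else "arguments restricted"
                findings.append((who, cmd, scope))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

A hit is a prompt to review the grant, not proof of a problem. Cmnd_Alias expansion and included files are not handled.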
Notable Comments
@RagingCactus: Lays out both primary scenarios precisely – restricted shell with arbitrary binary parameters, and SUID/sudo granted on a GTFOBin – which resolves most of the confusion in the thread.
@Terr_: Notes that restic appears on the list and describes hardening it to run as a non-root user with read-all-files capabilities and no login shell as a concrete mitigation pattern.