Comment by npodbielski
6 hours ago
Ok. It has hundreds of examples for all sorts of tools: 7z, dig, git. Those are very popular.
Question from a security newbie: why is it not used to hack all sorts of servers all the time, then?
You need initial access. This is just a list of tools you can use if you can't spawn a standard interactive shell, for whatever reason.
It doesn't make it easier to "hack" servers, it's just a list of things that you could use once you're already inside.
I think Docker was used for these things before. I remember some big service had secrets in env vars, and shell access inside the Docker image from an npm post-install script let them evacuate these secrets.
It's only relevant as a privilege escalation vector when you're able to execute those programs as root, but don't otherwise have root access on the server.
It's a pretty niche circumstance. Unless an admin allows users on a server to execute some of these random types of binaries as root, it's not going to be a concern. And, if it wasn't already obvious, distros are almost never configured this way OOTB.
I've seen plenty of servers in companies configured to allow sudoers to run a restricted subset of binaries as root, usually without a password. Some of them were GTFObins that the admins were not aware of until I reached out to let them know. I've also seen a couple of restricted shell setups where users could only run a handful of commands. Can't recall if I checked to see if any of them were GTFObins.
I wouldn't say this is the most useful h4x0r tool ever, but I wouldn't say it's particularly niche, either. This kinda stuff is definitely relevant in older large enterprise-type Linux/Unix environments.
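One way an admin can spot the situation described in the comments above (a restricted sudoers subset that happens to include GTFOBins entries), as an added example that is not from this thread or from the GTFOBins project: a small Python audit of sudoers-style rules. The watch list and the sample rules are constructed placeholders; a real check would load the list from the published GTFOBins index and read the actual sudoers files or `sudo -l` output.

```python
import re
from pathlib import PurePosixPath

# Constructed placeholder subset (7z, dig, git are the names in the thread); fill from the GTFOBins index.
WATCHED_BINARIES = {"7z", "dig", "git"}
# Common sudoers rule shape: user|%group host=(runas_user[:group]) [TAG:]... cmd[, cmd]
RULE_RE = re.compile(
    r"^(?P<who>%?[\w.-]+)\s+(?P<host>\S+?)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<rest>.+)$"
)
TAG_RE = re.compile(r"^(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*")

def parse_rule(line):
    """Parse one sudoers line into (who, runas_user, tags, cmds); None if not a rule."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith(("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")):
        return None
    if not (m := RULE_RE.match(line)):
        return None
    rest, tags = m.group("rest"), set()
    while (t := TAG_RE.match(rest)):  # peel off leading tags such as NOPASSWD:
        tags.add(t.group(1))
        rest = rest[t.end():]
    runas = (m.group("runas") or "root").split(":")[0].strip()  # user part; root is the default
    cmds = [c.strip() for c in rest.split(",") if c.strip()]
    return m.group("who"), runas, tags, cmds

def audit_sudoers(text):
    """Return (who, command, nopasswd) for root-capable rules that grant a watched binary."""
    findings = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        who, runas, tags, cmds = rule
        if runas not in ("root", "ALL"):
            continue  # cannot run as root, so not the escalation path discussed above
        for cmd in cmds:
            if cmd == "ALL":
                continue  # already unrestricted root; outside this check's scope
            if PurePosixPath(cmd.split()[0]).name in WATCHED_BINARIES:
                findings.append((who, cmd, "NOPASSWD" in tags))
    return findings

# Constructed sample sudoers content for the demonstration.
SAMPLE = """\
%admin  ALL=(ALL) ALL
deploy  ALL=(root) NOPASSWD: /usr/bin/git, /usr/bin/7z   # "harmless" maintenance helpers
backup  ALL=(backup) NOPASSWD: /usr/bin/7z
alice   ALL=(ALL) PASSWD: /usr/bin/dig, /usr/bin/systemctl status nginx
"""
```

Running `audit_sudoers(SAMPLE)` flags the two NOPASSWD `deploy` entries and `alice`'s `dig`, while the `backup` rule is ignored because it cannot run as root.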
Because you have to have shell access to the server to use any of these.
In certain circumstances, they might be :-)
But you can't "hack a server" using just these techniques: they would be a (small) part of a chain of exploits.