Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jsmoreira02/catbinaries

Tool to make privilege escalation on linux systems easier, using GTFObins (get the f*** out Binaries) techniques
https://github.com/jsmoreira02/catbinaries

gtfobins hacking hacking-tool linux-security privilege-escalation shell-script

Last synced: about 1 month ago
JSON representation

Tool to make privilege escalation on linux systems easier, using GTFObins (get the f*** out Binaries) techniques

Host: GitHub
URL: https://github.com/jsmoreira02/catbinaries
Owner: Jsmoreira02
License: gpl-2.0
Created: 2024-08-15T22:23:28.000Z (3 months ago)
Default Branch: main
Last Pushed: 2024-09-24T03:54:49.000Z (about 2 months ago)
Last Synced: 2024-10-16T07:39:56.995Z (about 1 month ago)
Topics: gtfobins, hacking, hacking-tool, linux-security, privilege-escalation, shell-script
Language: Shell
Homepage:
Size: 23.4 KB
Stars: 2
Watchers: 1
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

![logo-removebg-preview](https://github.com/user-attachments/assets/cb5e882f-c212-4d60-946b-d029f1d72ad1)

# CatBinaries

[![License: GPL-2.0](https://img.shields.io/badge/License-GPL--2.0-blue.svg)](https://opensource.org/licenses/GPL-2.0)

**This project is strongly inspired by the GTFO bins project. Built for lazy hackers (like me) who prefer to do everything in one place**

Tool to make privilege escalation on linux systems easier, using GTFObins (get the f*** out Binaries) techniques. The tool is designed to exploit, identify and list all binaries deconfigured for privilege exploitation: Binaries with SUID, Capabilities, SUDO privileges, reading privileged files.

> GTFOBins is a community-driven project that aims to collect Unix binaries that can be abused for privilege escalation. Each entry in the GTFOBins database provides detailed information about a specific binary, including its functionality, potential vulnerabilities, and instructions on how to exploit it to gain escalated privileges. The database serves as a valuable resource for security researchers and system administrators.

## Upload directly to the target machine:
```bash
curl https://raw.githubusercontent.com/Jsmoreira02/CatBinaries/refs/heads/main/CatBinaries.sh -o /tmp/CatBinaries.sh
```

## Identify Vulnerable Binaries:
![Gravaratela_20240815_195946online-video-cutter com-ezgif com-video-to-gif-converter](https://github.com/user-attachments/assets/8f154db1-bf71-44d0-8469-361c36697d86)

## Exploit Methods:
- **SUID**: If the binary has the SUID bit set, it can be exploited to give the highest privilege on Linux/Unix

- **Sudo Binaries**: If the binary is allowed to run as superuser by sudo, it can be exploited to give the highest privilege on Linux/Unix

- **Capabilities**: Exploit CAP_SETUID capability

- **File Read**: It reads data from files, it may be used to do privileged reads

--------------------------------

![Captura de imagem_20240815_202247](https://github.com/user-attachments/assets/45e90ab7-1c7d-42e7-b555-2d0099db3a0a)

--------------------------------

- This script will constantly receive new binaries and forms of exploitation

## Check out the source of inspiration

- [GTFOBins Page](https://gtfobins.github.io/)
- [@GTFOBins](https://github.com/GTFOBins)

# Warning:
> I am not responsible for any illegal use or damage caused by this tool. It was written for fun, not evil and is intended to raise awareness about cybersecurity.