https://github.com/jsmoreira02/catbinaries
Tool to make privilege escalation on linux systems easier, using GTFObins (get the f*** out Binaries) techniques
https://github.com/jsmoreira02/catbinaries
gtfobins hacking hacking-tool linux-security privilege-escalation shell-script
Last synced: 8 months ago
JSON representation
Tool to make privilege escalation on linux systems easier, using GTFObins (get the f*** out Binaries) techniques
- Host: GitHub
- URL: https://github.com/jsmoreira02/catbinaries
- Owner: Jsmoreira02
- License: gpl-2.0
- Created: 2024-08-15T22:23:28.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-09-24T03:54:49.000Z (over 1 year ago)
- Last Synced: 2024-10-17T12:21:39.978Z (over 1 year ago)
- Topics: gtfobins, hacking, hacking-tool, linux-security, privilege-escalation, shell-script
- Language: Shell
- Homepage:
- Size: 23.4 KB
- Stars: 2
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# CatBinaries
[](https://opensource.org/licenses/GPL-2.0)
**This project is strongly inspired by the GTFO bins project. Built for lazy hackers (like me) who prefer to do everything in one place**
Tool to make privilege escalation on linux systems easier, using GTFObins (get the f*** out Binaries) techniques. The tool is designed to exploit, identify and list all binaries deconfigured for privilege exploitation: Binaries with SUID, Capabilities, SUDO privileges, reading privileged files.
> GTFOBins is a community-driven project that aims to collect Unix binaries that can be abused for privilege escalation. Each entry in the GTFOBins database provides detailed information about a specific binary, including its functionality, potential vulnerabilities, and instructions on how to exploit it to gain escalated privileges. The database serves as a valuable resource for security researchers and system administrators.
## Upload directly to the target machine:
```bash
curl https://raw.githubusercontent.com/Jsmoreira02/CatBinaries/refs/heads/main/CatBinaries.sh -o /tmp/CatBinaries.sh
```
## Identify Vulnerable Binaries - Outdated video:
## Exploit Methods:
- **SUID**: If the binary has the SUID bit set, it can be exploited to give the highest privilege on Linux/Unix
- **Sudo Binaries**: If the binary is allowed to run as superuser by sudo, it can be exploited to give the highest privilege on Linux/Unix
- **Capabilities**: Exploit CAP_SETUID capability
- **Reverse Shell**: Remote connection
- **File Read**: It reads data from files, it may be used to do privileged reads
##
## New techniques and mechanics:
#### ❗ Now you can add the full/custom path of the binary or sudo as a prefix. ❗:
- The script will recognize the binary and use the normally selected exploit method, but more versatile and new options to exploit the target
### Examples:
- #### Sudo prefix:
--------------------------------
--------------------------------
- #### Custom PATH:
--------------------------------
--------------------------------
## New Features:
- ⏰ **COMING SOON**: New form of exploitation: Library Load
- ⏰ **COMING SOON**: Clearing the tracks feature
##
- This script will constantly receive new binaries and forms of exploitation
## Check out the source of inspiration
- [GTFOBins Page](https://gtfobins.github.io/)
- [@GTFOBins](https://github.com/GTFOBins)
# Warning:
> I am not responsible for any illegal use or damage caused by this tool. It was written for fun, not evil and is intended to raise awareness about cybersecurity.