In the past I have just lurked here, but now I have something of interest to post, I thought I would finally signup.
I’m sharing a new tool I’ve created called GTFONow, its used for automatic privilege escalation by abusing misconfigured unix capabilities, sudo and suid binaries.
It is intended for CTFs, but could work on pentests too, however it can be quite noisy so its not recommended if you are aiming to be stealthy.
Currently it has the following features:
- Automatically escalate privileges using misconfigured sudo permissions.
- Automatically escalate privileges using misconfigured suid permissions.
- Automatically escalated privileges using misconfigured capabilities.
- Supports Python 2 and 3.
- No third party libraries required.
- Support sudo
NOPASSWDescalation, automatically attempts to enumerate sudo binaries for when password is not known and
sudo -lis not accessible.