There is a lot of misunderstanding of context in the comments here. This is a list intended for penetration testers in the privilege escalation phase of exploiting a system, after they've obtained access (the ability to execute with arbitrary parameters) to some "restricted" binary on the possibly misconfigured system.
It's commonly used in CTF competitions. For practical examples of when it's been useful, search for something like "gtfobins tryhackme writeup."
As a defender, the lesson should really be that you shouldn't assume a binary only does one task. As always, you need to be extremely careful passing untrusted user input to a binary, especially if invoking it via a shell.
It's commonly used in CTF competitions. For practical examples of when it's been useful, search for something like "gtfobins tryhackme writeup."
As a defender, the lesson should really be that you shouldn't assume a binary only does one task. As always, you need to be extremely careful passing untrusted user input to a binary, especially if invoking it via a shell.