Merge a9bde5abd47bbd27e51a95c946950b426bba3f72 into b29f2cfde1c72e4ea5191e49604e923bbda98461

2026-01-22 07:41:33 +01:00 · 2025-10-17 10:36:56 +02:00 · 2025-10-17 10:36:56 +02:00 · 33f30cc899
commit 33f30cc899
parent b29f2cfde1 a9bde5abd4
1 changed files with 18 additions and 0 deletions
--- a/_gtfobins/getent.md
+++ b/_gtfobins/getent.md
@ -0,0 +1,18 @@
+---
+description: |
+  `getent` is a utility that retrieves entries from administrative databases configured 
+  via the Name Service Switch (NSS). If misconfigured with the SUID bit, it can be abused 
+  to access sensitive databases such as `shadow`, which contains user password hashes, 
+  including root's.
+
+  This can lead to local privilege escalation by leaking password hashes for offline cracking.
+
+functions:
+  suid:
+    - code: |
+        # Leak root hash from /etc/shadow via getent SUID binary
+        ./getent shadow root
+    - code: |
+        # Dump all hashes
+        ./getent shadow
+---