alt Hacker NewsOk. It have hundrends o example for all sort of tools, 7z, dig, git. Those are very popular.
Question from security newbie. Why it is not used to hack all sort of servers all the time then?
Replies
I think docker was used for these things before. I remember some big service had secrets in env vars and a shell access inside the docker image from a npm post install script let them evacuate these secrets
It's only relevant as a privilege escalation vector when you're able to execute those programs as root, but don't otherwise have root access on the server.
It's a pretty niche circumstance. Unless an admin allows users on a server to execute some of these random types of binaries as root, it's not going to be a concern. And, if it wasn't already obvious, distros are almost never configured this way OOTB
Because you have to have shell access to the server to use any of these.
In certain circumstances, they might be :-)
But you can't "hack a server" using just these techniques: they would be a (small) part of a chain of exploits.
You need initial access. This is just a list of tools you can use if you can't spawn a standard interactive shell, for whatever reason.
It doesn't make it easier to "hack" servers, it's just a list of things that you could use once you're already inside.