vim
Vi Improved text editor. Can execute shell commands via :!cmd, spawn interactive shells, read and write arbitrary files, and is a common sudo escape vector.
Binary Paths
/usr/bin/vim/bin/vim/usr/bin/vi
Glob Patterns
| Pattern | Notes |
|---|---|
vi?
|
Single wildcard replaces 'm' — also matches 'vi' binary if present |
v?m
|
Wildcard replaces 'i' |
v[i]m
|
Character class around 'i' |
/usr/bin/vi?
|
Full path wildcard on last char |
/???/bin/vi?
|
Obfuscate /usr/ and last char of vim |
$(ls /usr/bin/vi?)
|
ls resolves glob to /usr/bin/vim; command substitution executes it |
$'\x76\x69\x6d'
|
ANSI-C hex escapes expand to 'vim' |
Pattern Tester
$
Try typing vim or a full path like /usr/bin/vim
YARA Rule
Auto-generated detection rule for vim
Platform Notes
vim can execute shell commands: vim -c ':!whoami' -c ':q'. For a persistent shell: vim -c ':set shell=/bin/bash' -c ':shell'. If vim runs with sudo: sudo vim -c ':!bash' drops to a root shell. GTFOBins documents vim as a file read/write, SUID, and sudo escape vector.