diff --git a/_gtfobins/getent.md b/_gtfobins/getent.md new file mode 100644 index 00000000..aa5f992b --- /dev/null +++ b/_gtfobins/getent.md @@ -0,0 +1,18 @@ +--- +description: | + `getent` is a utility that retrieves entries from administrative databases configured + via the Name Service Switch (NSS). If misconfigured with the SUID bit, it can be abused + to access sensitive databases such as `shadow`, which contains user password hashes, + including root's. + + This can lead to local privilege escalation by leaking password hashes for offline cracking. + +functions: + suid: + - code: | + # Leak root hash from /etc/shadow via getent SUID binary + ./getent shadow root + - code: | + # Dump all hashes + ./getent shadow +---
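Review bot: The last sentence of `description` calls this local privilege escalation, but both entries under `functions: suid` only read the `shadow` database. What the visible commands demonstrate is disclosure of password hashes, and any escalation depends on a separate offline cracking step that the description itself mentions. I would reword that sentence to say that a SUID `getent` discloses `shadow` entries to unprivileged users and leave escalation as a possible consequence. The first code comment says the hash comes "from /etc/shadow", while the description says `getent` reads whatever the Name Service Switch is configured to serve, so the comment should say "the `shadow` database" to stay consistent. The two `code` entries differ only in whether a key (`root`) is passed. A single entry with the optional key noted in its comment would carry the same information. Finally, `./getent` assumes a SUID copy in the current directory, which neither the description nor the comments state. A one-line note on that assumption would help readers auditing for SUID binaries.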