Grab a binary from the releases page, or use go:ĬGO_ENABLED=0 go get -u /liamg/traitor/cmd/traitor Traitor will run on all Unix-like systems, though certain exploits will only function on certain systems. Run with the -e/ -exploit flag to attempt to exploit a specific vulnerability and gain a root shell.īashtraitor -p -e docker:writable-socket Supported Platforms
Again, add the -p flag if the current user password is known. Run with the -a/ -any flag to find potential vulnerabilities, attempting to exploit each, stopping if a root shell is gained. The password will be requested if it's needed to analyse sudo permissions etc. Add the -p flag if the current user password is known. Run with no arguments to find potential vulnerabilities/misconfigurations which could allow privilege escalation. More routes to root will be added over time too. It'll exploit most sudo privileges listed in GTFOBins to pop a root shell, as well as exploiting issues like a writable docker.sock, or the recent dirty pipe (CVE-2022-0847). Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities in order to pop a root shell: gtfobins, pwnkit, dirty pipe, +w docker.sockĪutomatically exploit low-hanging fruit to pop a root shell. :arrow_up: :skull_and_crossbones: Automatic Linux privesc via exploitation of low-hanging fruit e.g.
0 kommentar(er)
