Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities (including most of GTFOBins) in order to pop a root shell. Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy!
It’ll exploit most sudo privileges listed in GTFOBins to pop a root shell, as well as exploiting issues like a writable docker.sock
. More routes to root will be added over time too.
Usage
Run with no arguments to find potential vulnerabilities/misconfigurations which could allow privilege escalation. Add the -p
flag if the current user password is known. The password will be requested if it’s needed to analyse sudo permissions etc.
traitor -p
Run with the -a
/--any
flag to find potential vulnerabilities, attempting to exploit each, stopping if a root shell is gained. Again, add the -p
flag if the current user password is known.
traitor -a -p
Run with the -e
/--exploit
flag to attempt to exploit a specific vulnerability and gain a root shell.
traitor -p -e docker:writable-socket
Supported Platforms
Traitor will run on all Unix-like systems, though certain exploits will only function on certain systems.
Getting Traitor
Grab a binary from the releases page, or use go:
CGO_ENABLED=0 go get -u github.com/liamg/traitor/cmd/traitor
If the machine you’re attempting privesc on cannot reach GitHub to download the binary, and you have no way to upload the binary to the machine over SCP/FTP etc., then you can try base64 encoding the binary on your machine, and echoing the base64 encoded string to | base64 -d > /tmp/traitor
on the target machine, remembering to chmod +x
it once it arrives.
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…