traitor v0.0.14 releases: Automatic Linux privesc via exploitation of low-hanging fruit

Traitor

Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy!

Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities in order to pop a root shell:

• Nearly all of GTFOBins in order to pop a root shell.
• Writeable docker.sock
• CVE-2022-0847 (Dirty pipe)
• CVE-2021-4034
• CVE-2021-3560

It’ll exploit most sudo privileges listed in GTFOBins to pop a root shell, as well as exploit issues like a writable docker.sock. More routes to root will be added over time too.

Usage

Run with no arguments to find potential vulnerabilities/misconfigurations which could allow privilege escalation. Add the -p flag if the current user password is known. The password will be requested if it’s needed to analyse sudo permissions etc.

Run with the -a/–any flag to find potential vulnerabilities, attempting to exploit each, stopping if a root shell is gained. Again, add the -p flag if the current user password is known.

Run with the -e/–exploit flag to attempt to exploit a specific vulnerability and gain a root shell.

Changelog v0.0.14

• fix: improve the reliability of dirty pipe LPE (#80)

   

• * fix: improve the reliability of dirty pipe LPE

   

• * tweak max length

Download

Copyright (c) 2021 Liam Galvin