Linux privilege escalation made easy.
Packages up a bunch of methods to exploit local misconfigurations/vulns (including all of GTFOBins) in order to gain a root shell.
Run with no arguments to find potential vulnerabilities/misconfigurations which could allow privilege escalation.
traitorRun with the -a/--any flag to find potential vulnerabilities, attempting to exploit each, stopping if a root shell is gained.
traitor -aRun with the -e/--exploit flag to attempt to exploit a specific vulnerability and gain a root shell.
traitor -e docker:writable-socketGrab a binary from the releases page, or use go:
go get -u github.com/liamg/traitor/cmd/traitor
If the machine you're attempting privesc on cannot reach GitHub to download the binary, and you have no way to upload the binary to the machine over SCP/FTP etc., then you can try base64 encoding the binary on your machine, and echoing the base64 encoded string to | base64 -d > /tmp/traitor on the target machine, remembering to chmod +x it once it arrives.
- Writable
docker.sock(no internet connection or local images required!) - sudo:CVE-2021-3156
- Basic sudo
- GTFOBins via weak sudo rules
- Kernel exploits